Hey

I have heard that MiniBB is vunerable for SQL and XSS injections? When are they gonna remove those injections? Please ASAP? Everyone using miniBB's website is in great danger!

Please remove them, because beside that, miniBB is great forum software!

Come down, any knows problems are fixed in miniBB 2.5a. Unless you know something that others don't know..?

"I have heard" is not the fact. Give us some facts or exact URLs, may be there is something we don't know about.

We fix XSS and SQL injection issues as soon as they come up. What you may read / browse on Internet, could be outdated. If you are reading news or text regarding this, pay attention to the publishing date. Some news are marked 2008, 2006 or even 2004. Of course, we have fixed all those issues long time ago for the recent release.

Keep on.

BTW any website using open source software, is in danger. All websites using Wordpress are in danger. All forums using phpBB or vBulletin are in danger. Come on, you life is in danger every second. Be serious about such complaints.

Google;
exploit-db[dot]com/exploits/15415/
secgeeks[dot]com/minibb_sql_injection.html
juniper[dot]net/security/auto/vulnerabilities/vuln28930.html

And they're talking about the newest version: 2.5!

Version 2.5 is a history. The latest version is 2.5a which fixed them all.

The first one was fixed in 2.5.

The second one refers to November 4th, 2007 where it was posted (now we have 2010 ending) - and again, I am not sure what this guy is writing about. No proofs of contest available - the same way you may write about any software.

The third one refers to miniBB 2.2, the version from 2008.

You don't have to doubt that everything you can find on Internet, is already fixed in miniBB, or if it's a "fresh" issue, it's going to be fixed in a business day term.