Published: 31/05/2005 Updated: 18/10/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote malicious users to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mybulletinboard mybulletinboard

#!/usr/bin/perl -w # # SQL Injection Exploit for MyBulletinBoard (MyBB) <= 100 RC4 # This exploit show the MD5 crypted password of the user id you've chose # Related advisory: # Patch: wwwmybboardcom/community/showthreadphp?tid=2559 # fain182badrootorg # wwwcodebugorg # Discovered by Alberto Trivero and coded with F ...

NVD-CWE-Other http://www.mybboard.com/community/showthread.php?tid=2559 http://secunia.com/advisories/15552 http://www.osvdb.org/17024 http://marc.info/?l=bugtraq&m=111757191118050&w=2 https://nvd.nist.gov https://www.exploit-db.com/exploits/1022/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-1833

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect