Published: 21/04/2006 Updated: 05/09/2008

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) prior to 1.04 allows remote malicious users to execute arbitrary SQL commands via the referrer parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mybulletinboard mybulletinboard 1.0_preview_release_2
mybulletinboard mybulletinboard 1.0_rc2
mybulletinboard mybulletinboard 1.0_rc4
mybulletinboard mybulletinboard 1.0.1
mybulletinboard mybulletinboard 1.0.3
mybulletinboard mybulletinboard 1.0_pr2
mybulletinboard mybulletinboard 1.0.2
mybulletinboard mybulletinboard 1.0_final

source: wwwsecurityfocuscom/bid/16443/info MyBB is prone to an SQL-injection vulnerability The vulnerability presents itself when user-supplied input via cookie data is passed to the 'indexphp' script Successful exploitation can allow an attacker to bypass authentication and gain administrative access to a site Other attacks may als ...

NVD-CWE-Other http://www.securityfocus.com/bid/16443/exploit http://www.securityfocus.com/bid/16443 https://nvd.nist.gov https://www.exploit-db.com/exploits/27155/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-1974

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect