SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote malicious users to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mybulletinboard mybulletinboard 1.1.5 |