MyBB Sid Sql Injection Vulnerability Network Vulnerability

Summary

This host is installed with MyBB and is prone to SQL injection vulnerability.

Impact

Successful exploitation will let attackers to manipulate SQL queries by injecting arbitrary SQL code and gain sensitive information. Impact Level: Application

Solution

Upgrade to version 1.6.13 or later, For updates refer to http://mybb.com

Insight

Flaw is due to improper validation of user-supplied input passed to 'sid' parameter in 'search.php' page.

Affected

MyBB 1.6.12, previous versions may also be affected.

Detection

Send a crafted exploit string via HTTP GET request and check whether it is possible to execute sql query.

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

admin.cgi overflow
Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
AjaxPortal 'di.php' File Inclusion Vulnerability
b2Evolution title SQL Injection

MyBB sid Sql Injection Vulnerability

Take action and discover your vulnerabilities