Summary
This host is installed with MyBB and is prone to an SQL injection vulnerability.
Impact
Successful exploitation allows attackers to manipulate SQL queries by injecting arbitrary SQL code and to gain sensitive information.
Impact Level: Application
Solution
Upgrade to version 1.6.13 or later.
For updates, refer to http://mybb.com
Insight
The flaw is due to improper validation of user-supplied input passed to the 'sid' parameter of the 'search.php' page.
Affected
MyBB 1.6.12; previous versions may also be affected.
Detection
Send a crafted exploit string via an HTTP GET request and check whether it is possible to execute an SQL query.
Severity
Classification
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P