Release date:
Updated on:
Affected Systems:
MyBB 1.6.8
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53814
MyBB is a popular Web forum program.
MyBB 1.6.8 has the SQL injection vulnerability. After successful exploitation, attackers can control applications, access or modify data, or exploit other vulnerabilities.
<* Source: Mr. XpR
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Http://www.example.com/forums/member.php? Action = profile & amp; uid = [Sqli]
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
MyBB
----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.mybboard.com/