Vulnerabilities

CVE-2006-3758

by Fred · 20/07/2006

inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.

Date published : 2006-07-20

http://community.mybboard.net/showthread.php?tid=10115

http://www.mybboard.com/archive.php?nid=15

Similar

Tags: Cybersecurity Alert