TUCoPS :: Web BBS :: Frequently Exploited

TUCoPS :: Web BBS :: Frequently Exploited :: b06-3281.htm
MyBB 1.1.3~Option update for code buttons~Sql Injection Admin Access

MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access


ORIGINAL ADVISORY:=0D
http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html=0D 
http://KAPDA.ir=0D 
=97=97=97=97=97=97-Summary=97=97=97=97=97-=0D
Software: MyBB=0D
Sowtware=92s Web Site: http://www.mybboard.com=0D 
Versions: 1.1.3=0D
Class: Remote=0D
Status: Patched=0D
Exploit: Available=0D
Discovered by: imei addmimistrator=0D
Risk Level: high=0D
=97=97=97=97=97=96Description=97=97=97=97=97=0D
There is a security bug in MyBB 1.1.3 software (latest version fully patched) file usercp.php that allows attacker performe a SQLINJECTION attack.=0D
=0D
SEE ORIGINAL ADVISORY FOR MORE DETAILES.=0D