MyBB Global Variable Overwrite Vulnerability

Attackers may exploit this issue with a web browser.

The following example URI will perform an SQL-injection attack by overwriting the '_SERVER[HTTP_CLIENT_IP]' variable:

http://www.example.com/mybb/global.php?_SERVER[HTTP_CLIENT_IP]='sql
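
A defender can look for this request shape in web server logs. The following is an added detection example, not part of the original advisory or of MyBB: it flags query parameters whose name addresses a PHP superglobal such as '_SERVER'. The function names, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# PHP superglobal names that a request parameter should never be able to set.
SUPERGLOBALS = {"GLOBALS", "_SERVER", "_GET", "_POST", "_COOKIE",
                "_FILES", "_ENV", "_REQUEST", "_SESSION"}

def superglobal_params(uri):
    """Return the query parameter names in `uri` that address a PHP superglobal."""
    hits = []
    query = urlsplit(uri).query
    # parse_qsl percent-decodes names, so _SERVER%5BHTTP_CLIENT_IP%5D is caught too.
    for name, _value in parse_qsl(query, keep_blank_values=True):
        # PHP ignores leading spaces in a parameter name; compare the part before '['.
        base = name.lstrip(" ").split("[", 1)[0]
        if base in SUPERGLOBALS:
            hits.append(name)
    return hits

def scan_access_log(lines):
    """Yield (client, uri, names) for each combined-log-format line with a hit."""
    for line in lines:
        try:
            client = line.split(" ", 1)[0]
            request = line.split('"')[1]      # e.g. GET /path?x=1 HTTP/1.1
            uri = request.split(" ")[1]
        except IndexError:
            continue                          # malformed line, skip it
        names = superglobal_params(uri)
        if names:
            yield client, uri, names

# Constructed sample log lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /mybb/index.php?fid=2 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /mybb/global.php?_SERVER[HTTP_CLIENT_IP]=x HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2010:10:00:09 +0000] "GET /mybb/global.php?_SERVER%5BHTTP_CLIENT_IP%5D=x HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2010:10:01:00 +0000] "GET /mybb/search.php?keywords=_SERVER HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, uri, names in scan_access_log(SAMPLE_LOG):
        print(client, uri, names)
```

Only the parameter name is matched, so a search for the literal text '_SERVER' as a value (the last sample line) is not flagged.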

Copyright 2010, SecurityFocus