BugTraq
[KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access Jun 22 2006 02:19PM
addmimistrator gmail com
ORIGINAL ADVISORY:

http://myimei.com/security/2006-06-21/mybb113option-update-for-code-butt
onssql-injection-admin-access.html

http://www.kapda.ir/page-advisory.html

??????-Summary?????-

Software: MyBB

Sowtware?s Web Site: http://www.mybboard.com

Versions: 1.1.3

Class: Remote

Status: Patched

Exploit: Available

Discovered by: imei addmimistrator

Risk Level: very high

??????Description?????

There is a security bug in MyBB 1.1.3 software (latest version fully patched) file usercp.php that allows attacker performe a SQLINJECTION attack.

READ ORIGINAL ADVISORY FOR MORE DETAILS.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus