Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
MyBB 1.0 SQL injection in uploading file
Dec 31 2005 09:55AM
addmimistrator gmail com
there is a security bug in inc/function_upload.php script in mybb all version (except two days ago security updated version) that allows SQL INJECTION
this bug is in function of upload attachment .
when a file goes to upload this function test that if file has a valid extension . for this call g...
[ more ]
Copyright 2010, SecurityFocus