icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

MyBB < 1.1.1 Multiple Script Variable Overwrite

High

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote version of MyBB does not properly initialize global variables in the 'global.php' and 'inc/init.php' scripts. An unauthenticated attacker can leverage this issue to overwrite global variables through GET and POST requests and launch other attacks against the affected application.

Solution

Upgrade to verison 1.1.1 or higher.