icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

MyBB < 1.1.6 HTTP Header CLIENT-IP Field SQL Injection

Medium

Synopsis

The remote web server contains a PHP application that is susceptible to a SQL injection attack.

Description

The remote version of MyBB fails to sanitize input to the 'CLIENT-IP' request header before using it in a database query when initiating a sesion in 'inc/class_session.php'. This may allow an unauthenticated attacker to uncover sensitive information such as password hashes, modify data, launch attacks against the underlying database, and more. Note that successful exploitation is possible regardless of PHP's settings.

Solution

Upgrade to version 1.1.6 or higher.