Detections
Analytics
MyBB < 1.6.9 Multiple Vulnerabilities
medium Nessus Plugin ID 64936
Language:
Synopsis
The remote web server hosts a PHP application that is affected by multiple vulnerabilities.Description
According to its version number, the MyBB install hosted on the remote web server is affected by multiple vulnerabilities :- A brute-force weakness exists in the CAPTCHA system due to an unspecified flaw.
- A SQL injection vulnerability due to improper sanitization user-supplied input to the 'posthash' parameter of the 'editpost.php' script. A remote attacker can exploit this issue to manipulate SQL queries, resulting in the disclosure of sensitive information and modification of data.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to MyBB version 1.6.9 or later.See Also
http://www.nessus.org/u?706d0129
https://blog.mybb.com/2012/12/14/mybb-1-6-9-security-release/
Plugin Details
Severity: Medium
ID: 64936
File Name: mybb_169.nasl
Version: 1.11
Type: remote
Family: CGI abuses
Published: 2/28/2013
Updated: 4/11/2022
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 6
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:mybb:mybb
Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/MyBB
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/14/2012
Vulnerability Publication Date: 12/14/2012
Reference Information
BID: 56960