MyBB < 1.1.4 SQL Injection
High Nessus Network Monitor Plugin ID 3663
Synopsis
The remote host is vulnerable to a SQL injection attack.

Description
The remote host is running an older version of MyBulletinBoard (MyBB) that is vulnerable to a remote SQL injection flaw. The vendor has released version 1.1.4 to fix it. To exploit the flaw, an attacker only needs to be able to send a malformed HTTP query that contains SQL commands. Successful exploitation would result in the attacker executing arbitrary SQL commands on the backend database server.

Solution
Upgrade to version 1.1.4 or higher.