MyBB < 1.4.7 SQL Injection
High Nessus Network Monitor Plugin ID 5085
Synopsis
The remote web server is running a PHP application that is vulnerable to a SQL-injection attack.

Description
The remote web server is running a version of MyBB earlier than 1.4.7. Such versions reportedly fail to properly sanitize user-supplied data to the 'birthdayprivacy' parameter of the 'usercp.php' script before using it in an SQL query. An attacker could exploit this flaw to access or modify sensitive information.

Solution
Upgrade to MyBB 1.4.7 or later.