MyBB < 1.6.18 / 1.8.x < 1.8.6 Multiple Vulnerabilities
Critical Nessus Network Monitor Plugin ID 9124
Synopsis
The remote web server is running a PHP application that is vulnerable to multiple attack vectors.
Description
Versions of MyBB (MyBulletinBoard) prior to 1.6.18, or 1.8.x prior to 1.8.6, are affected by the following vulnerabilities:
- An unspecified flaw exists in the 'xmlhttp.php' script that may allow a remote attacker to bypass authentication mechanisms for the forum. No further details have been provided by the vendor. (OSVDB 127289)
- A SQL injection flaw exists because the 'Grouppromotions' module (ACP) does not properly sanitize user-supplied input before using it in SQL queries. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (OSVDB 127290)
- A cross-site scripting (XSS) flaw exists because the error handler does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 127291)
- An XSS flaw exists because the program does not validate input related to old upgrade files before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 127292)
- A flaw exists related to error log files that may allow a remote attacker to disclose the software's installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. (OSVDB 127293)
- A flaw exists because HTTP requests to 'member.php' do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF / XSRF) attack, causing the victim to be logged in to an attacker-controlled account. (OSVDB 144501)
Solution
Upgrade to MyBB version 1.6.17 / 1.8.5 or later.