Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MyBB < 1.1.1 Multiple Script Variable Overwrite

High

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote version of MyBB does not properly initialize global variables in the 'global.php' and 'inc/init.php' scripts. An unauthenticated attacker can leverage this issue to overwrite global variables through GET and POST requests and launch other attacks against the affected application.

Solution

Upgrade to verison 1.1.1 or higher.