MyBB < 1.1.4 SQL Injection

High

Synopsis

The remote host is vulnerable to a SQL Injection attack.

Description

The remote host is running an older version of MyBulletinBoard (MyBB). The vendor has released version 1.1.4 to fix a remote SQL injection flaw that affects this version. To exploit the flaw, an attacker only needs to be able to send a malformed HTTP request that contains SQL commands. Successful exploitation would allow the attacker to execute arbitrary SQL commands on the backend database server.

Solution

Upgrade to version 1.1.4 or higher.