
MyBB < 1.6.10 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is running a PHP application that is vulnerable to multiple attack vectors.

Description

Versions of MyBB (MyBulletinBoard) prior to 1.6.10 are affected by the following vulnerabilities:

- A SQL injection vulnerability exists due to improper sanitization of user-supplied input during database optimization. (OSVDB 92683)
- A SQL injection vulnerability exists due to improper sanitization of user-supplied input when creating database backups. (OSVDB 92684)
- A cross-site scripting vulnerability (XSS) exists due to improper validation of user-supplied input passed via theme names. (OSVDB 92685)
- An information disclosure vulnerability exists due to improper verification of permissions for forums where a user can only see their own threads. (OSVDB 92686)
- A cross-site scripting vulnerability exists due to improper validation of user-supplied input passed via the debug page. (OSVDB 92687)
- An unspecified vulnerability exists due to improper validation of user-supplied input in 'modcp.php'. (OSVDB 92688)
- An unspecified vulnerability exists due to improper validation of user-supplied input in 'calendar.php'. (OSVDB 92689)

Solution

Upgrade to MyBB version 1.6.10 or later.