
MyBB < 1.8.7 Multiple Vulnerabilities

High

Synopsis

The remote web server is running a PHP application that is vulnerable to multiple attack vectors.

Description

Versions of MyBB (MyBulletinBoard) prior to 1.8.7 are affected by the following vulnerabilities:

- A flaw in the moderation tool does not properly sanitize user-supplied input before using it in SQL queries allowing a remote attacker to inject or manipulate SQL queries in the back-end database, leading to the manipulation or disclosure of arbitrary data. (OSVDB 135915)
- A flaw exists in the 'newreply.php' script due to a missing permission check allowing an attacker to perform unspecified actions without the appropriate permissions. (OSVDB 135916)
- Multiple flaws exist because the program does not validate input before returning it to users, allowing a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 135917, OSVDB 135918, OSVDB 135919, OSVDB 135920, OSVDB 135921, OSVDB 135922)
- An unspecified flaw may allow an attacker to gain access to potentially sensitive database details through templates. (OSVDB 135923)
- A flaw exists when sending mails from ACP that may allow a remote attacker to disclose the software's ACP path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. (OSVDB 135924)
- A flaw exists due to the program using insufficient entropy for 'adminsid' and 'sid' resulting in the predictable generation of values. (OSVDB 135925)
- An unspecified flaw in ACP may allow a context-dependent attacker to conduct a clickjacking attack. (OSVDB 135926)
- A flaw exists due to a lack of directory listing protection mechanisms for uploaded directories allowing a remote attacker to gain unauthorized access to information about directories. (OSVDB 135927)
- A flaw exists that may allow carrying out a SQL injection attack. The issue is due to the 'forumdisplay.php' script not properly sanitizing user-supplied input to the 'threadsperpage' setting before using it in SQL queries. This may allow an authenticated, remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (OSVDB 144502)
- A flaw exists that allows a stored cross-site scripting (XSS) attack. This flaw exists because the program does not validate input to forum post attachments before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 148589)
- A flaw exists that allows a reflected XSS attack. This flaw exists because the 'upgrade30.php' script does not validate input to the 'ipstart' POST parameter before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 148590)
- A flaw exists that allows a reflected XSS attack. This flaw exists because the '/Upload/search.php' script does not validate input to error messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 148591)
- A flaw exists that allows a reflected XSS attack. This flaw exists because the 'upgrade3.php' script does not validate input to the 'ipstart' POST parameter before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 148592)
- A flaw exists that allows a reflected XSS attack. This flaw exists because the 'upgrade12.php' script does not validate input to the 'ipstart' POST parameter before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 148593)
- A flaw exists that allows a reflected XSS attack. This flaw exists because the 'upgrade13.php' script does not validate input to the 'ipstart' POST parameter before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 148594)
- A flaw exists that allows a reflected XSS attack. This flaw exists because the 'upgrade30.php' script does not validate input to the 'ipstart' POST parameter before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 148595)
- A flaw exists that allows a stored XSS attack. This flaw exists because the '/Upload/modcp.php' script does not validate input to user signatures before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 148596)

Solution

Upgrade to MyBB version 1.8.7 or later.