Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

MyBB comma Parameter SQL Injection Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Checks for comma parameter SQL injection vulnerability in MyBB

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is susceptible
to SQL injection attacks.

Description :

The remote version of MyBB fails to sanitize input to the 'comma'
parameter used by several scripts before using it in database queries.
This may allow an unauthenticated attacker to uncover sensitive
information such as password hashes, modify data, launch attacks
against the underlying database, etc.

Note that successful exploitation requires that PHP's
'register_globals' setting be enabled.

See also :

Solution :

Disable PHP's 'register_globals' setting.

Threat Level:

Medium / CVSS Base Score : 4

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.