Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

MyBB forums Parameter SQL Injection Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Checks for forums parameter SQL injection vulnerability in MyBB

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that is susceptible to SQL
injection attacks.

Description :

The remote version of MyBB fails to sanitize input to the 'forums'
parameter of the 'search.php' script before using it in database
queries. This may allow an unauthenticated attacker to uncover
sensitive information such as password hashes, modify data, launch
attacks against the underlying database, etc.

See also :

Solution :

Edit 'search.php' and ensure 'forum' takes on only integer values as
described in the original advisory.

Threat Level:

Medium / CVSS Base Score : 5

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.