Family: CGI abuses --> Category: attack
MyBB member.php SQL Injection Vulnerability Scan
Vulnerability Scan Summary
Checks for SQL injection vulnerability in MyBB's member.php script
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to SQL
The remote version of MyBB fails to sanitize user-supplied input to
the avatar upload system via the 'uid' parameter of the 'member.php'
script. If PHP's 'magic_quotes_gpc' setting is disabled, an attacker
may be able to leverage this issue to uncover password hashes and
thereby gain access to the application's admin panel.
See also :
Either enable PHP's 'magic_quotes_gpc' setting or upgrade to MyBB
Preview Release 2 or later.
Medium / CVSS Base Score : 6