Family: CGI abuses --> Category: attack
MyBBB rating Parameter SQL Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for rating parameter SQL injection vulnerability in MyBB
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to SQL
The remote version of MyBB is prone to a SQL injection attack due to
its failure to sanitize user-supplied input to the 'rating' parameter
of the 'ratethread.php' script before using it in database queries.
See also :
Enable PHP's 'magic_quotes_gpc' setting.
Medium / CVSS Base Score : 4
Click HERE for more information and discussions on this network vulnerability scan.