|
|
Family: CGI abuses --> Category: attack
MyBB comma Parameter SQL Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for comma parameter SQL injection vulnerability in MyBB
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is susceptible
to SQL injection attacks.
Description :
The remote version of MyBB fails to sanitize input to the 'comma'
parameter used by several scripts before using it in database queries.
This may allow an unauthenticated attacker to uncover sensitive
information such as password hashes, modify data, launch attacks
against the underlying database, etc.
Note that successful exploitation requires that PHP's
'register_globals' setting be enabled.
See also :
http://www.securityfocus.com/archive/1/426653/30/30/threaded
Solution :
Disable PHP's 'register_globals' setting.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:H/Au:NR/C:P/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
