[KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access

addmimistrator Mon, 26 Jun 2006 14:47:09 -0700

ORIGINAL ADVISORY:

http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html


http://KAPDA.ir

-Summary-

Software: MyBB

Sowtwares Web Site: http://www.mybboard.com

Versions: 1.1.3

Class: Remote

Status: Patched

Exploit: Available

Discovered by: imei addmimistrator

Risk Level: high

Description

There is a security bug in MyBB 1.1.3 software (latest version fully patched) 
file usercp.php that allows attacker performe a SQLINJECTION attack.


SEE ORIGINAL ADVISORY FOR MORE DETAILES.

[KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access

Reply via email to