Bugtraq mailing list archives
MyBB 1.0.2 SQL injection in usercp.php
From: addmimistrator () gmail com
Date: 14 Jan 2006 19:14:46 -0000
this is a bug report for MyBB 1.0.2(latest version) bug found by imei there is a security bug in usercp.php line 830 that Allows SQL Injection and can result to full access to admin cp. bug is in result of poor checking of $mybb->input['threadmode'] value against all other values in usercp.php file line:830 ====> "threadmode" => $mybb->input['threadmode'], bug reported to vendors some days ago bests. imei
Current thread:
- MyBB 1.0.2 SQL injection in usercp.php addmimistrator (Jan 14)
- <Possible follow-ups>
- Re: MyBB 1.0.2 SQL injection in usercp.php o . y . 6 (Jan 16)