| VID |
21709 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The MyBulletinBoard program is vulnerable to multiple SQL injection vulnerabilities in multiple scripts. MyBulletinBoard is a freely available forum package developed in PHP and MYSQL. MyBulletinBoard versions 1.00 RC1 through 1.00 RC4 allow a remote attacker to execute arbitrary SQL commands, caused by improper filtering of user-supplied input passed to the 'location' variable of the 'global.php' script, the 'username' parameter of the 'admin/index.php' script, the 'action' parameter of the 'search.php' script and the 'polloptions' parameter of the 'polls.php' script. If the magic_quotes_gpc option is disabled, these vulnerabilities could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
* References:
http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0397.html
http://www.securityfocus.com/archive/1/407960
http://www.securityfocus.com/archive/1/408624
http://www.securityfocus.com/archive/1/409523
* Platforms Affected:
MyBB Group, MyBulletinBoard versions 1.00 RC1 through 1.00 RC4
Any operating system Any version |
| Recommendation |
No upgrade or patch available as of September 2005.
Upgrade to the latest version of MyBulletinBoard, when new fixed version becomes available from the MyBB Group Download Web site at http://www.mybboard.com
As a workaround, set "magic_quotes_gpc" to "On" in php.ini file. |
| Related URL |
CVE-2005-2580,CVE-2005-2778 (CVE) |
| Related URL |
14553,14615,14684 (SecurityFocus) |
| Related URL |
21798 (ISS) |
|
