VID 21710
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The MyBulletinBoard program contains an SQL injection vulnerability in the 'ratethread.php' script. MyBulletinBoard is a freely available forum package developed in PHP and MySQL. MyBulletinBoard versions 1.0 RC4 and earlier allow a remote attacker to execute arbitrary SQL commands, caused by improper filtering of user-supplied input passed to multiple parameters of the calendar.php, online.php, memberlist.php, editpost.php, forumdisplay.php, newreply.php, search.php, showthread.php, usercp2.php, printthread.php, reputation.php, portal.php, and ratethread.php scripts. If the magic_quotes_gpc option is disabled, these vulnerabilities could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.

* References:
http://www.s4a.cc/forum/archive/index.php/t-3953.html
http://secunia.com/advisories/16738

* Platforms Affected:
MyBB Group, MyBulletinBoard versions 1.0 RC4 and earlier
Any operating system Any version
Recommendation Apply the patch for MyBB version 1.0 RC4, as available from the MyBB RC4 Security Update page at http://www.mybboard.com/community/showthread.php?tid=2559

As a workaround, set "magic_quotes_gpc" to "On" in the php.ini file.
Related URL CVE-2005-1833 (CVE)
Related URL 14786 (SecurityFocus)
Related URL 20809 (ISS)