VID 21814
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description MyBulletinBoard versions prior to 1.0 contain multiple SQL injection vulnerabilities. MyBulletinBoard is a freely available forum package developed in PHP and MySQL. Versions prior to 1.0 allow a remote attacker to execute arbitrary SQL commands because user-supplied input passed to the following parameters is improperly filtered: the 'month', 'day', and 'year' parameters of the 'addevent' action in the 'calendar.php' script; the 'list' parameter of the 'editlists' action in the 'usercp.php' script; the 'rating' parameter of the 'rate' action in the 'member.php' script; the 'rating' parameter of the 'showthread.php' script; and the 'threadmode' and 'showcodebuttons' parameters of the 'options' action in the 'usercp.php' script. These vulnerabilities could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself. Successful exploitation requires that PHP's 'register_globals' setting be enabled and possibly that 'magic_quotes_gpc' be disabled.

* References:
http://community.mybboard.net/showthread.php?tid=5184
http://www.frsirt.com/english/advisories/2005/2842
http://www.trapkit.de/advisories/TKPN2005-12-001.txt
http://www.trapkit.de/advisories/TKADV2005-12-001.txt
http://securitytracker.com/id?1015407
http://secunia.com/advisories/18000
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040584.html

* Platforms Affected:
MyBB Group, MyBulletinBoard versions prior to 1.0
Any operating system Any version
Recommendation Upgrade to the latest version of MyBulletinBoard (1.0 or later), available from the MyBB Group Web site at http://www.mybboard.com
Related URL CVE-2005-4199, CVE-2005-4200 (CVE)
Related URL 15793 (SecurityFocus)
Related URL (ISS)