Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11033
HistoryJan 15, 2006 - 12:00 a.m.

MyBB 1.0.2 SQL injection in usercp.php

2006-01-1500:00:00
vulners.com
11
JSON

this is a bug report for MyBB 1.0.2(latest version)
bug found by imei
there is a security bug in usercp.php line 830 that Allows SQL Injection and can result to full access to admin cp.
bug is in result of poor checking of $mybb->input['threadmode'] value against all other values in usercp.php file line:830 ====>
"threadmode" => $mybb->input['threadmode'],
bug reported to vendors some days ago
bests.
imei

JSON