Vulnerabilities > CVE-2006-0523 - SQL-Injection vulnerability in MyBulletinBoard

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

mybulletinboard

NVD

Published: 2006-02-02

Updated: 2017-07-20

Summary

SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable.

Vulnerable Configurations

Part	Description	Count
Application	Mybulletinboard Mybulletinboard Mybulletinboard 1.0.1 Mybulletinboard Mybulletinboard 1.0.2 Mybulletinboard Mybulletinboard 1.0_Final Mybulletinboard Mybulletinboard 1.0_Pr2 Mybulletinboard Mybulletinboard 1.0_Preview_Release_2 Mybulletinboard Mybulletinboard 1.0_Rc2 Mybulletinboard Mybulletinboard 1.0_Rc4	7

References

http://community.mybboard.net/showthread.php?tid=6418
http://secunia.com/advisories/18678
http://www.osvdb.org/22903
http://www.vupen.com/english/advisories/2006/0400
https://exchange.xforce.ibmcloud.com/vulnerabilities/24416