CVE-2007-1963 - SQL-Injection vulnerability in MyBB

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Tags: network, low complexity, mybb, mybulletinboard, exploit available

Summary

SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.

Exploit-Db

description: MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit. CVE-2007-1963. Webapps exploit for php platform
file: exploits/php/webapps/3653.php
id: EDB-ID:3653
last seen: 2016-01-31
modified: 2007-04-03
platform: php
port:
published: 2007-04-03
reporter: DarkFig
source: https://www.exploit-db.com/download/3653/
title: MyBulletinBoard MyBB <= 1.2.3 - Remote Code Execution Exploit
type: webapps