Описание
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.3 (включая)Версия до 1.2.3 (включая)
Одно из
cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*
cpe:2.3:a:mybulletinboard:mybulletinboard:*:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01512
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
EPSS
Процентиль: 81%
0.01512
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other