CVE-2013-6936

2013-12-0415:00:00

mitre

www.cve.org

8.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.8%

JSON

Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.

References

osvdb.org/100030

packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html

seclists.org/bugtraq/2013/Nov/102

www.exploit-db.com/exploits/29797

www.iedb.ir/exploits-889.html

exchange.xforce.ibmcloud.com/vulnerabilities/89084