MyBulletinBoard (MyBB) member.php uid Parameter SQL Injection

2005-01-04T05:25:45
ID OSVDB:12798
Type osvdb
Reporter Scott MacVicar (scottm@spamcop.net)
Modified 2005-01-04T05:25:45

Description

Vulnerability Description

MyBB contains a flaw that allows a remote attacker to inject arbitrary SQL code. The 'uid' parameter of the 'member.php' script is not properly validated, so a remote attacker can inject into or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
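
With no fix listed, one defensive check is to flag logged 'member.php' requests whose 'uid' value is not a plain integer. The following is an added example, not part of the original advisory or of MyBB's code; it assumes 'uid' is meant to be a numeric user ID and that the web server writes common/combined-format access logs, and the sample log lines and URL paths are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate uid is a short run of ASCII digits.
VALID_UID_RE = re.compile(r'[0-9]{1,10}')


def suspicious_uid_requests(log_lines):
    """Return (line_number, uid_value) for member.php requests whose
    uid parameter is present but not a plain integer."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/member.php"):
            continue
        # parse_qsl percent-decodes values and keeps repeated parameters,
        # so every uid occurrence is checked, not only the first.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() == "uid" and not VALID_UID_RE.fullmatch(value):
                hits.append((lineno, value))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Jan/2005:05:10:01 +0000] "GET /forum/member.php?action=profile&uid=42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [04/Jan/2005:05:11:37 +0000] "GET /forum/member.php?action=profile&uid=42%27 HTTP/1.1" 200 812',
    '192.0.2.10 - - [04/Jan/2005:05:12:02 +0000] "GET /forum/index.php?uid=abc HTTP/1.1" 200 9001',
    '192.0.2.77 - - [04/Jan/2005:05:12:40 +0000] "GET /forum/member.php?uid=7&uid=x-1 HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for lineno, value in suspicious_uid_requests(SAMPLE_LOG):
        print(f"line {lineno}: non-numeric uid {value!r}")
```

A hit is a triage lead rather than proof of compromise. The same integer check belongs in the application before the value reaches a query.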

References:

Vendor URL: http://www.mybboard.com/
Security Tracker: 1012769
Secunia Advisory ID: 13722
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0011.html
ISS X-Force ID: 18755
CVE-2005-0282
CVE-2005-2697
Bugtraq ID: 12161