{"edition": 1, "title": "MyBulletinBoard (MyBB) admin/templates.php Multiple Variable SQL Injection", "bulletinFamily": "software", "published": "2006-04-27T07:02:34", "lastseen": "2017-04-28T13:20:21", "modified": "2006-04-27T07:02:34", "reporter": "N/A(o.y.6@hotmail.com)", "viewCount": 1, "href": "https://vulners.com/osvdb/OSVDB:25075", "description": "## Vulnerability Description\nMyBulletinBoard (MyBB) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin/templates.php script not properly sanitizing user-supplied input to the \"setid\", \"expand\", \"title\", and \"sid2\" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Technical Description\nAn attacker must supply valid admin authentication credentials in order to exploit this vulnerability.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nMyBulletinBoard (MyBB) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin/templates.php script not properly sanitizing user-supplied input to the \"setid\", \"expand\", \"title\", and \"sid2\" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\n/admin/templates.php?action=do_add&title=Devil&template=Div&setid=[SQL]'\n/admin/templates.php?expand=' UNION ALL SELECT 1,2/*\n/admin/templates.php?action=diff&title=[SQL]'\n/admin/templates.php?action=diff&sid2=[SQL]'\n## References:\n[Secunia Advisory ID:19865](https://secuniaresearch.flexerasoftware.com/advisories/19865/)\n[Related OSVDB ID: 25074](https://vulners.com/osvdb/OSVDB:25074)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0565.html\nISS X-Force ID: 26103\nFrSIRT Advisory: ADV-2006-1566\n[CVE-2006-2103](https://vulners.com/cve/CVE-2006-2103)\n", "affectedSoftware": [{"name": "MyBulletinBoard (MyBB)", "version": "1.1.1", "operator": "eq"}], "type": "osvdb", "references": [], "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2017-04-28T13:20:21", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-2103"]}, {"type": "osvdb", "idList": ["OSVDB:25074"]}], "modified": "2017-04-28T13:20:21", "rev": 2}, "vulnersScore": 6.9}, "cvss": {"vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/", "score": 2.1}, "cvelist": ["CVE-2006-2103"], "id": "OSVDB:25075"}

{"cve": [{"lastseen": "2020-10-03T11:48:15", "description": "SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php.\nSuccessful exploitation requires access to the admin section.", "edition": 3, "cvss3": {}, "published": "2006-04-29T10:02:00", "title": "CVE-2006-2103", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2103"], "modified": "2018-10-18T16:38:00", "cpe": ["cpe:/a:mybulletinboard:mybulletinboard:1.1.1"], "id": "CVE-2006-2103", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2103", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "cvelist": ["CVE-2006-2103"], "edition": 1, "description": "## Vulnerability Description\nMyBulletinBoard (MyBB) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin/adminfunctions.php script not properly sanitizing user-supplied input to the 'querystring' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Technical Description\nAn attacker must supply valid admin authentication credentials in order to exploit this vulnerability.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nMyBulletinBoard (MyBB) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin/adminfunctions.php script not properly sanitizing user-supplied input to the 'querystring' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\n/admin/adminlogs.php?action=view&D3vil-0x1=[SQL]'\n## References:\n[Secunia Advisory ID:19865](https://secuniaresearch.flexerasoftware.com/advisories/19865/)\n[Related OSVDB ID: 25075](https://vulners.com/osvdb/OSVDB:25075)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0565.html\nISS X-Force ID: 26103\nFrSIRT Advisory: ADV-2006-1566\n[CVE-2006-2103](https://vulners.com/cve/CVE-2006-2103)\n", "modified": "2006-04-27T07:02:34", "published": "2006-04-27T07:02:34", "href": "https://vulners.com/osvdb/OSVDB:25074", "id": "OSVDB:25074", "title": "MyBulletinBoard (MyBB) admin/adminfunctions.php querystring Variable SQL Injection", "type": "osvdb", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}]}