Cross site request forgery (csrf)

search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters...

MyBB 1.0.2 SQL injection in usercp.php

this is a bug report for MyBB 1.0.2latest version bug found by imei there is a security bug in usercp.php line 830 that Allows SQL Injection and can result to full access to admin cp. bug is in result of poor checking of $mybb-input'threadmode' value against all other values in usercp.php file...