Detections
Analytics
MyBB < 1.6.9 Multiple Vulnerabilities
medium Nessus Plugin ID 64936
Language:
Synopsis
The remote web server hosts a PHP application that is affected by multiple vulnerabilities.Description
According to its version number, the MyBB install hosted on the remote web server is affected by multiple vulnerabilities :- A brute-force weakness exists in the CAPTCHA system due to an unspecified flaw.
- A SQL injection vulnerability due to improper sanitization user-supplied input to the 'posthash' parameter of the 'editpost.php' script. A remote attacker can exploit this issue to manipulate SQL queries, resulting in the disclosure of sensitive information and modification of data.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to MyBB version 1.6.9 or later.See Also
http://www.nessus.org/u?706d0129
https://blog.mybb.com/2012/12/14/mybb-1-6-9-security-release/
Plugin Details
Severity: Medium
ID: 64936
File Name: mybb_169.nasl
Version: 1.12
Type: remote
Family: CGI abuses
Published: 2/28/2013
Updated: 6/5/2024
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Vulnerability Information
CPE: cpe:/a:mybb:mybb
Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/MyBB
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/14/2012
Vulnerability Publication Date: 12/14/2012
Reference Information
BID: 56960