Detections
Analytics
MyBB < 1.1.6 HTTP Header CLIENT-IP Field SQL Injection
medium Nessus Network Monitor Plugin ID 3689
Synopsis
The remote web server contains a PHP application that is susceptible to a SQL injection attack.Description
The remote version of MyBB fails to sanitize input to the 'CLIENT-IP' request header before using it in a database query when initiating a sesion in 'inc/class_session.php'. This may allow an unauthenticated attacker to uncover sensitive information such as password hashes, modify data, launch attacks against the underlying database, and more. Note that successful exploitation is possible regardless of PHP's settings.Solution
Upgrade to version 1.1.6 or higher.See Also
http://retrogod.altervista.org/mybb_115_sql.html
http://www.securityfocus.com/archive/1/440163/30/0/threaded
Plugin Details
Severity: Medium
ID: 3689
Family: CGI
Published: 7/25/2006
Updated: 3/6/2019
Nessus ID: 22055
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 5.5
Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 6.3
Temporal Score: 6.2
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X
Vulnerability Information
CPE: cpe:/a:mybulletinboard:mybulletinboard
Reference Information
CVE: CVE-2006-3775
BID: 18997