Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2103

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2006-2103
Last Modified 05 Aug 2011 12:00:00
Published 29 Apr 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2006-2103

Summary

SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php.

Vulnerable Systems

Application

  • Mybulletinboard 1.1.1


References

XF - mybb-adminfunctions-templates-sql-injection(26103)

VUPEN - ADV-2006-1566

BUGTRAQ - 20060427 MyBB 1.1.1 Local SQL Injections

OSVDB - 25075

OSVDB - 25074

SREASON - 808

SECUNIA - 19865


Last Updated: 27 May 2016 10:42:20