CVE-2006-3775 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-3775
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3775

Description: SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/27752 SREASON http://securityreason.com/securityalert/1262 SAID Secunia Advisory: SA21070 MISC http://retrogod.altervista.org/mybb_115_sql.html CONFIRM http://www.mybboard.com/archive.php?nid=16 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/440163/100/0/threaded

Return to the previous page.