SQL Injection Vulnerability in MyBB by MyBB Group
CVE-2005-4602

Currently unrated

Key Information:

Vendor: MyBB Group
Status: MyBB
Vendor: CVE Published:; 31 December 2005

What is CVE-2005-4602?

An SQL injection vulnerability exists in the inc/function_upload.php file of MyBB versions prior to 1.0.1. This flaw allows remote attackers to craft malicious file uploads with certain extensions, resulting in the execution of arbitrary SQL commands. If successfully exploited, this vulnerability could potentially compromise the integrity of the database, allowing attackers unauthorized access to sensitive data and facilitating further attacks on the server.

References

http://www.vupen.com/english/advisories/2006/0012

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/archive/1/420573/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.osvdb.org/22159

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jan 1, 2006
Vulnerability published
Dec 31, 2005