SHARE
CORE IMPACT v8 - Exploits Update (Tue Jun 30 2009)
MyBB Privilege Escalation Exploit
Exploits/Authentication Weakness []
• Tue Jun 30 2009
A vulnerability has been reported in MyBB, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "birthdayprivacy" parameter to inc/datahandlers/user.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires a valid user account. The vulnerability is reported in MyBB 1.4.x versions prior to 1.4.7.
Exploits Vulnerabiltiy: NOCVE-9999-38921