CVE-2006-0638: SQL Injection
First published: Fri Feb 10 2006(Updated: )
SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mybulletinboard | =1.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://myimei.com/security/2006-02-07/mybb103moderationphpsqlinject-while-merging-posts.html
- http://www.osvdb.org/22957
- http://secunia.com/advisories/18754
- http://www.securityfocus.com/bid/16538
- http://www.vupen.com/english/advisories/2006/0475
- http://www.securityfocus.com/archive/1/424335/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-0638?
CVE-2006-0638 is classified as a medium severity vulnerability.
How do I fix CVE-2006-0638?
To fix CVE-2006-0638, upgrade MyBB to a newer version where the vulnerability is patched.
Who is affected by CVE-2006-0638?
CVE-2006-0638 affects remote authenticated users of MyBB 1.0.3 with specific privileges for moderating posts.
What type of vulnerability is CVE-2006-0638?
CVE-2006-0638 is an SQL injection vulnerability.
Can CVE-2006-0638 allow unauthorized access?
CVE-2006-0638 could potentially allow attackers to execute arbitrary SQL commands, which may compromise the database integrity.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/mybulletinboard
- canonical/mybulletinboard
- version/mybulletinboard/1.0.3