CVE-2013-6936: SQL Injection
First published: Wed Dec 04 2013(Updated: )
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mybb Ajax Forum Stat | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-6936?
CVE-2013-6936 is considered a high-severity vulnerability due to its potential for remote SQL command execution.
How do I fix CVE-2013-6936?
To fix CVE-2013-6936, update the Ajax Forum Stat plugin to a version that addresses SQL injection vulnerabilities.
What are the affected versions for CVE-2013-6936?
CVE-2013-6936 affects MyBB Ajax Forum Stat plugin version 2.0.
Can CVE-2013-6936 be exploited remotely?
Yes, CVE-2013-6936 can be exploited remotely by attackers through crafted HTTP requests.
What impact does CVE-2013-6936 have on MyBB users?
CVE-2013-6936 allows attackers to execute arbitrary SQL commands, potentially compromising the database and sensitive information.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/mybb
- canonical/mybb ajax forum stat
- version/mybb ajax forum stat/2.0