CVE-2006-3775
Published 2006-07-24
Priority P3 | 40 | high | 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.44% (82.2th percentile)
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mybb | mybb | <= 1.2.3 | — |
| mybulletinboard | mybulletinboard | <= 1.2.3 | — |
| mybulletinboard | mybulletinboard | — | — |
GHSA
GHSA-4g4p-5fvp-37cw: SQL injection vulnerability in the init function in class_session
ghsa_unreviewed · 2022-05-01
CVE-2006-3775 [HIGH] CWE-89
GHSA
GHSA-3v74-qmfm-rv65: SQL injection vulnerability in the create_session function in class_session
ghsa_unreviewed · 2022-05-01 · CVSS 7.5
CVE-2007-1963 [HIGH]
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
No detection rules found.
No writeups or analysis indexed.
References
http://retrogod.altervista.org/mybb_115_sql.html
http://secunia.com/advisories/21070
http://securityreason.com/securityalert/1262
http://www.mybboard.com/archive.php?nid=16
http://www.securityfocus.com/archive/1/440163/100/0/threaded
http://www.vupen.com/english/advisories/2006/2811
https://exchange.xforce.ibmcloud.com/vulnerabilities/27752