Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MyBB Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2010-5096 - Vulnerability Database
MyBB

MyBB Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2010-5096

High
Reference: CVE-2010-5096
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2010-5096
Title: MyBB Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

DISPUTED Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue saying quotAlthough this doesn39t lead to an SQL injection it does provide a general MyBB SQL error.quot