inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.
References
Configurations
History
No history.
Information
Published : 2006-07-21 14:03
Updated : 2024-02-28 10:42
NVD link : CVE-2006-3758
Mitre link : CVE-2006-3758
CVE.ORG link : CVE-2006-3758
JSON object : View
Products Affected
mybulletinboard
- mybulletinboard
CWE