Description
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
Remediation
References
Related Vulnerabilities
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-28129)
WordPress Plugin WP Banners Lite Cross-Site Scripting (1.40)
Plone CMS Improper Input Validation Vulnerability (CVE-2013-4199)
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-7187)