Description
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
Remediation
References
Related Vulnerabilities
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-23503)
Oracle JRE CVE-2022-21299 Vulnerability (CVE-2022-21299)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11619)
WordPress Plugin Users Ultra SQL Injection (1.4.35)
Moodle Incorrect Authorization Vulnerability (CVE-2021-20282)