Description

SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.

Remediation

References

CVE-2007-1963

Related Vulnerabilities

Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.10)

WordPress Plugin OdiHost Newsletter 'openstat.php' SQL Injection (1.0)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7411)

WordPress Plugin WP-Polls SQL Injection (2.71)

WordPress Plugin Wechat Broadcast Local/Remote File Inclusion (1.2.0)

Severity

High

Classification

CVE-2007-1963

Tags

Missing Update Known Vulnerabilities