Description
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
Remediation
References