CVE-2005-1833

Name of the Vulnerable Software and Affected Versions MyBB version 1.00 RC4

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via various parameters in different PHP files, including the eid parameter to "calendar.php", the idsql parameter to "online.php", the usersearch parameter to "memberlist.php", the pid parameter to "editpost.php", the fid parameter to "forumdisplay.php", the tid parameter to "newreply.php", the sid parameter to "search.php", the tid or pid parameter to "showthread.php", the tid parameter to "usercp2.php", the tid parameter to "printthread.php", or the pid parameter to "reputation.php".

Recommendations For MyBB version 1.00 RC4, consider disabling the parameters eid, idsql, usersearch, pid, fid, tid, and sid in their respective PHP files until a patch is available. Restrict access to the vulnerable PHP files, such as "calendar.php", "online.php", "memberlist.php", "editpost.php", "forumdisplay.php", "newreply.php", "search.php", "showthread.php", "usercp2.php", "printthread.php", and "reputation.php", to minimize the risk of exploitation. Avoid using these parameters in the affected API endpoints until the issue is resolved.