PT-2006-1296 · Mybb · Mybb

Neg127 · Published 2006-01-16 · Updated 2017-07-20 · CVE-2006-0219

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MyBB versions prior to 1.0.2

Description

The issue allows attackers to conduct SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php. This could also lead to other attacks related to threadmode in usercp.php.

Recommendations

For versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the inc/functions_upload.php file and the usercp.php file to minimize the risk of exploitation. Avoid using vulnerable attachment names in the affected API endpoint until the issue is resolved.

Fix


Related identifiers

CVE-2006-0219

Affected products

Mybb