CVE-2006-3775

Name of the Vulnerable Software and Affected Versions MyBB versions 1.1.5

Description The issue allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header, which is accessed through the HTTP CLIENT IP variable in the init function in class session.php. This is utilized by index.php.

Recommendations For MyBB version 1.1.5, as a temporary workaround, consider restricting access to the init function in class session.php to minimize the risk of exploitation. Avoid using the HTTP CLIENT IP variable in the affected code until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.