CVE-2008-2029

Name of the Vulnerable Software and Affected Versions miniBB versions 2.2 and earlier

Description The issue concerns SQL injection vulnerabilities in setup mysql.php and setup options.php. These vulnerabilities allow remote attackers to execute arbitrary SQL commands when register globals is enabled. The attack vector is the xtr parameter in a userinfo action to "index.php".

Recommendations For miniBB versions 2.2 and earlier, consider disabling the register globals setting to mitigate the risk of SQL injection attacks. Restrict access to setup mysql.php and setup options.php to minimize the risk of exploitation. Avoid using the xtr parameter in the userinfo action to "index.php" until the issue is resolved.