PT-2014-2193 · Mybb · Advanced Forum Signatures

Published: 2014-04-08 · Updated: 2017-08-29 · CVE-2011-5277

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Advanced Forum Signatures plugin version 2.0.4 for MyBB

Description

The issue concerns SQL injection vulnerabilities in the signature.php file of the Advanced Forum Signatures plugin for MyBB. Remote attackers can execute arbitrary SQL commands by manipulating certain parameters. The vulnerable parameters include afs_type, afs_background, afs_showonline, afs_bar_left, afs_bar_center, afs_full_line1, afs_full_line2, afs_full_line3, afs_full_line4, afs_full_line5, and afs_full_line6.

Recommendations

For Advanced Forum Signatures plugin version 2.0.4, consider restricting access to the signature.php file until a patch is available. As a temporary workaround, avoid using the vulnerable parameters in the plugin's configuration to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2011-5277

Affected Products

Advanced Forum Signatures