Neg127

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.0.2 **Description** The issue allows attackers to conduct SQL injection attacks via an attachment name that is not properly handled by `inc/functions upload.php`. This could also lead to other attacks related to `threadmode` in `usercp.php`. **Recommendations** For versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `inc/functions upload.php` file and the `usercp.php` file to minimize the risk of exploitation. Avoid using vulnerable attachment names in the affected API endpoint until the issue is resolved.