PT-2005-3750 · Mybb · Mybb

Devil-00 · Published 2005-09-14 · Updated 2017-07-11 · CVE-2005-2888

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MyBB versions Preview Release 2

Description

The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved via the fid parameter to "misc.php" or the Content-Disposition field in the HTTP header to "newreply.php".

Recommendations

For MyBB version Preview Release 2, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "misc.php" and "newreply.php" scripts to minimize the risk of exploitation. Avoid using the fid parameter in the "misc.php" script and the Content-Disposition field in the HTTP header to the "newreply.php" script until the issue is resolved.

Fix

Related Identifiers

CVE-2005-2888

Affected Products

Mybb