PT-2006-1998 · Mybb · Mybb

Devil-00 · Published 2006-03-02 · Updated 2018-10-18 · CVE-2006-0959

CVSS v2.0: 7.5 High
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: MyBB versions 1.03 through 1.04

Description: A SQL injection issue exists that allows remote attackers to execute arbitrary SQL commands. It occurs when the PHP register_globals setting is enabled and the value of the comma variable is set via the comma parameter in a cookie.

Recommendations: For MyBB versions 1.03 through 1.04, consider disabling the register_globals setting to mitigate the risk of SQL injection attacks. As a temporary workaround, restrict access to the misc.php file until a patch is available. Avoid using the comma parameter in cookies for the affected API endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2006-0959

Affected Products

Mybb