CVE-2006-2103

Name of the Vulnerable Software and Affected Versions MyBB version 1.1.1

Description The issue allows remote authenticated administrators to execute arbitrary SQL commands. This can be achieved via the query string ($querystring variable) in admin/adminlogs.php, which is not properly handled by adminfunctions.php. Alternatively, exploitation can occur through the setid, expand, title, or sid2 parameters to admin/templates.php.

Recommendations For MyBB version 1.1.1, consider restricting access to the admin/adminlogs.php and admin/templates.php files until a patch is available. As a temporary workaround, avoid using the $querystring variable in admin/adminlogs.php and the setid, expand, title, or sid2 parameters in admin/templates.php to minimize the risk of exploitation.