CVE-2007-1963

Name of the Vulnerable Software and Affected Versions MyBB versions 1.2.3 and earlier

Description A SQL injection issue exists in the create session function in class session.php, allowing remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, which is utilized by index.php.

Recommendations For MyBB versions 1.2.3 and earlier, as a temporary workaround, consider restricting access to the create session function in class session.php until a patch is available. Avoid using the Client-IP HTTP header in the index.php file to minimize the risk of exploitation.