PT-2008-4497 · Mybb · Mybb

Ostro

Published

2008-07-08

Updated

2012-11-27

CVE-2008-3070

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.2.13

Description: The issue is related to an unspecified vulnerability in the inc/datahandler/user.php file, which is likely connected to SQL injection. The vulnerability involves the user['language'] variable.

Recommendations: For versions prior to 1.2.13, update to version 1.2.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the inc/datahandler/user.php file or limiting the use of the user['language'] variable until the update is applied.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-3070

Affected Products

Mybb

PT-2008-4497 · Mybb · Mybb

CVE-2008-3070

Weakness Enumeration

Related Identifiers

Affected Products

References · 5