|
Description
|
|
Two vulnerabilities have been identified in MyBB, which may be exploited by remote attackers to execute arbitrary SQL commands.
The first flaw is due to an input validation error in the "misc.php" script that does not properly validate the "comma" variable before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks via a specially crafted cookie.
The second issue is due to an input validation error in the "search.php" script that does not properly validate the "forums[]" parameter before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks.
|
