CVE-2006-3758

CVE-2006-3758 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.