MyBB 1.0.2 SQL injection
Hey
this is a bug report for mybb software ( forum software downloadable from
http://www.mybboard.com)
bug found by imei;
bug is in usercp.php file line 830 (ver 1.0.2 latest ver) that allows SQL
injection
bug is in result of poor checking for $mybb->input['threadmode'] value that can
have quote and can change other fields' values and may result to full access to
admin cp (by injecting usergroup field)
bug is reported to vendor and perhaps they will patched it soon.
bests
imei