Key Information Vulnerability Overview Product: MyBulletinBoard (MyBB) 1.2.10 Vulnerability Type: Multiple Vulnerabilities CVE ID: 2008-0382 EDB-ID: 4928 Author: WARAXE Platform: PHP Date: 2008-01-16 Affected Application: MyBB Main Vulnerability Details 1. Remote Code Execution in "forumdisplay.php" - Prerequisites: Requires knowledge of a valid forum "fid" - Attack Method: Can be exploited without any permissions - Example Attack Request: - - Problematic Code: 2. Remote Code Execution in "search.php" - Prerequisites: Requires knowledge of a valid "sid", which is easily obtainable - Attack Method: Can be exploited without any permissions - Example Attack Request: - - Problematic Code: Solution Fix: Download and upgrade to the latest version of MyBB, 1.2.11