Computer Security
[EN] securityvulns.ru
From: imei <addmimistrator_(at)_gmail.com>
Date: 15.01.2006
Subject: MyBB 1.0.2 SQL injection in usercp.php

This is a bug report for MyBB 1.0.2 (latest version).
Bug found by imei.
There is a security bug in usercp.php, line 830, that allows SQL injection and can result in full access to the admin CP.
The bug is a result of poor checking of the $mybb->input['threadmode'] value against all other values in the usercp.php file, line 830 ====>
"threadmode" => $mybb->input['threadmode'],
The bug was reported to the vendors some days ago.
Bests.
imei
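
The class of bug reported above, shown as an added example that is not part of the original post and is not MyBB source code: an option value copied from request input into an UPDATE without checking, next to a hardened handler that allowlists the value and binds it as a parameter. The `users` table, the `is_admin` column, the function names and the allowed `threadmode` values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration, not MyBB source. The users table, its columns and the
// allowed threadmode values are assumptions; the hostile input is constructed.

const THREAD_MODES = ['linear', 'threaded'];

// Risky pattern: each value is spliced into the SQL text, so a single
// unchecked field can change the structure of the statement.
function build_update_unsafe(array $fields, int $uid): string
{
    $sets = [];
    foreach ($fields as $col => $val) {
        $sets[] = "$col='$val'";
    }
    return 'UPDATE users SET ' . implode(', ', $sets) . " WHERE uid=$uid";
}

// Hardened pattern: allowlist the enumerated option, then bind every value.
function update_threadmode(PDO $db, array $input, int $uid): string
{
    $mode = $input['threadmode'] ?? '';
    if (!is_string($mode) || !in_array($mode, THREAD_MODES, true)) {
        $mode = 'linear'; // known-good default instead of request text
    }
    $stmt = $db->prepare('UPDATE users SET threadmode = :mode WHERE uid = :uid');
    $stmt->execute([':mode' => $mode, ':uid' => $uid]);
    return $mode;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, threadmode TEXT, is_admin INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'threaded', 0)");

$input = ['threadmode' => "linear', is_admin='1"]; // constructed hostile value

// The unsafe builder yields a statement with an extra assignment in it.
echo build_update_unsafe(['threadmode' => $input['threadmode']], 1), PHP_EOL;

// The hardened path stores only an allowlisted value; is_admin is untouched.
$stored = update_threadmode($db, $input, 1);
$row = $db->query('SELECT threadmode, is_admin FROM users WHERE uid = 1')
          ->fetch(PDO::FETCH_ASSOC);
printf("stored=%s threadmode=%s is_admin=%s\n", $stored, $row['threadmode'], $row['is_admin']);
```

The script needs PHP 7 or later with the pdo_sqlite extension and uses only an in-memory database.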

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


