Description
SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Devil-00 · perlwebappsphp
https://www.exploit-db.com/exploits/1548
exploitdb
WORKING POC
VERIFIED
by Devil-00 · textwebappsphp
https://www.exploit-db.com/exploits/1539
References (9)
Scores
EPSS
0.0458
EPSS Percentile
89.3%
Details
CWE
CWE-89
Status
published
Products (2)
mybulletinboard/mybulletinboard
1.0.3
mybulletinboard/mybulletinboard
1.0.4
Published
Mar 02, 2006
Tracked Since
Feb 18, 2026