CVE-2006-1974

Mybulletinboard - SQL Injection

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1974. PoCs published by Devil-00.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in MyBB via the 'referrer' parameter in the 'index.php' script. It allows an attacker to bypass authentication and retrieve administrative credentials by manipulating cookie data.

Description

SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Devil-00 · textwebappsphp
https://www.exploit-db.com/exploits/27155

This exploit demonstrates an SQL injection vulnerability in MyBB via the 'referrer' parameter in the 'index.php' script. It allows an attacker to bypass authentication and retrieve administrative credentials by manipulating cookie data.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: MyBB 1.1.2 and prior versions
No auth needed
Prerequisites: Access to the target MyBB instance · Ability to send crafted HTTP requests
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/16443/exploit
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16443

Scores

EPSS 0.0103
EPSS Percentile 59.2%

Details

Status published
Products (8)
mybulletinboard/mybulletinboard 1.0.1
mybulletinboard/mybulletinboard 1.0.2
mybulletinboard/mybulletinboard 1.0.3
mybulletinboard/mybulletinboard 1.0_final
mybulletinboard/mybulletinboard 1.0_pr2
mybulletinboard/mybulletinboard 1.0_preview_release_2
mybulletinboard/mybulletinboard 1.0_rc2
mybulletinboard/mybulletinboard 1.0_rc4
Published Apr 21, 2006
Tracked Since Feb 18, 2026