Description
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by IeDb ir · textwebappsphp
https://www.exploit-db.com/exploits/29797
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/100030
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/29797
Exploit x_refsource_misc
http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html
Various Sources x_refsource_misc
http://www.iedb.ir/exploits-889.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89084
Exploit mailing-list
x_refsource_bugtraq
http://seclists.org/bugtraq/2013/Nov/102
Scores
EPSS
0.0106
EPSS Percentile
77.8%
Details
CWE
CWE-89
Status
published
Products (1)
mybb/ajax_forum_stat
2.0
Published
Dec 04, 2013
Tracked Since
Feb 18, 2026