Posts Tagged ‘Albums Plugin’

SQL-injection alertVulnerability: SQL-injection MyBB Profile Albums Plugin

Danger: Middle
If the Patch: None
Number of vulnerabilities: 1

Impact: Unauthorized change
CWE ID: No Information
Be exploited: PoC code
Affected Products: Profile Albums 0.x (plugin for MyBB)

Affected versions: MyBB Profile Albums Plugin 0.9, maybe earlier

Description:

The vulnerability allows a remote user to execute arbitrary SQL commands in the application database. (more…)