CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 4CVE-2013-6936 – MyBB Ajaxfs 2 Plugin - SQL Injection
https://notcve.org/view.php?id=CVE-2013-6936
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter. Múltiples vulnerabilidades de inyección SQL en ajaxfs.php en el plugin Ajax form stat (Ajaxfs) 2.0 para MyBB (también conocido como MyBulletinBoard) permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de parámetros (1) tooltip o (2) usertooltip. • https://www.exploit-db.com/exploits/29797 http://osvdb.org/100030 http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html http://seclists.org/bugtraq/2013/Nov/102 http://www.exploit-db.com/exploits/29797 http://www.iedb.ir/exploits-889.html https://exchange.xforce.ibmcloud.com/vulnerabilities/89084 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •