CVE-2013-6936
Summary
| CVE | CVE-2013-6936 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-12-04 18:56:00 UTC |
| Updated | 2017-08-29 01:34:00 UTC |
| Description | Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mybb | Ajax Forum Stat | 2.0 | - | All | All |
| Application | Mybb | Ajax Forum Stat | 2.0 | - | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 100030 | OSVDB | osvdb.org | |
| Mybb Ajaxfs Plugin Sql Injection vulnerability | MISC | www.iedb.ir | |
| MyBB Ajaxfs SQL Injection ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit |
| MyBB Ajaxfs 2 Plugin - SQL Injection Vulnerability | EXPLOIT-DB | www.exploit-db.com | Exploit |
| Bugtraq: Mybb Ajaxfs Plugin Sql Injection vulnerability | BUGTRAQ | seclists.org | Exploit |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.