[VIM] Vendor ACK of MyBB issue

Steven M. Christey coley at mitre.org
Tue Nov 22 19:41:53 EST 2005

Vendor acknowledgement of CVE-2005-3326 (usercp.php?awayday SQL
injection in MyBB) is at:


along with a small reference to a DoS, which is alluded to in

The forum post "MyBB PR2 Security Update [1/11/05]" identifies "The
major security issue could allow your board to be compromised via an
SQL injection based vulnerability... discovered on the 26th
October..." and includes usercp.php in the patched files, which shows
cleansing of the awayday parameter.  The date also aligns with the
Bugtraq post.

- Steve

More information about the VIM mailing list