2006-07-21 18:00:00
mitre
PUBLISHED
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER[HTTP_CLIENT_IP] variable), as utilized by index.php.