CVE-2013-6936 Information

Description

Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.

Reference

http://osvdb.org/100030 http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html http://seclists.org/bugtraq/2013/Nov/102 http://www.exploit-db.com/exploits/29797 http://www.iedb.ir/exploits-889.html https://exchange.xforce.ibmcloud.com/vulnerabilities/89084