Bug #464

Invalid avatar extensions

Added by Ryan Gordon over 2 years ago. Updated almost 2 years ago.

Status: Closed
Start date: 09/20/2009
Priority: Normal
Due date:
Assignee: Ryan Gordon
% Done: 100%
Category: -
Target version: -
Reproducibility: Always
SQA assignments:
Reported In MyBB Version: 1.4.8

Description

There is an SQL Injection vulnerability in avatar extension checking & validating. You are able to bypass it with a specially crafted filename.

History

Updated by Ryan Gordon over 2 years ago

  • Project changed from Security Issues to MyBB

Updated by Ryan Gordon over 2 years ago

  • Category set to 12
  • Target version set to 1.4.9

Updated by Ryan Gordon over 2 years ago

  • % Done changed from 0 to 100

Applied in changeset r4458

Updated by Ryan Gordon over 2 years ago

  • Status changed from Confirmed to Closed

Updated by Ryan Gordon almost 2 years ago

  • Project changed from MyBB to Security Issues
  • Category deleted (12)
  • Target version deleted (1.4.9)
