{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-19T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "100030", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/100030"}, {"name": "29797", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/29797"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.iedb.ir/exploits-889.html"}, {"name": "mybb-ajaxfs-sql-injection(89084)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89084"}, {"name": "20131120 Mybb Ajaxfs Plugin Sql Injection vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2013/Nov/102"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6936", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "100030", "refsource": "OSVDB", "url": "http://osvdb.org/100030"}, {"name": "29797", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/29797"}, {"name": "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html"}, {"name": "http://www.iedb.ir/exploits-889.html", "refsource": "MISC", "url": "http://www.iedb.ir/exploits-889.html"}, {"name": "mybb-ajaxfs-sql-injection(89084)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89084"}, {"name": "20131120 Mybb Ajaxfs Plugin Sql Injection vulnerability", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2013/Nov/102"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6936", "datePublished": "2013-12-04T15:00:00", "dateReserved": "2013-12-04T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mybb:ajax_forum_stat:2.0:-:*:*:*:mybb:*:*", "matchCriteriaId": "6C256D31-0385-47E7-97AE-47CE2B77B82D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en ajaxfs.php en el plugin Ajax form stat (Ajaxfs) 2.0 para MyBB (tambi\u00e9n conocido como MyBulletinBoard) permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de par\u00e1metros (1) tooltip o (2) usertooltip."}], "id": "CVE-2013-6936", "lastModified": "2017-08-29T01:34:01.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-04T18:56:56.977", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/100030"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://seclists.org/bugtraq/2013/Nov/102"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/29797"}, {"source": "cve@mitre.org", "url": "http://www.iedb.ir/exploits-889.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89084"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}