Is $db->query() vulnerable?
Can you provide an example query you think can exploit the query?

MyBB's $db class has mostly been the same, in regards to security, for a very long time. For plugins and core MyBB code you should use $db->escape_string() for variables which might contain injection code.

If you're using $db->query(), be sure to clean your code. As far as I know all the default usage of it is sanitized. Otherwise there is a default MySQL Injection vulnerability.

Messages In This Thread
Is $db->query() vulnerable? - by mariolatif741 - 2018-12-17, 02:01 PM
RE: Is $db->query() vulnerable? - by labrocca - 2018-12-17, 05:32 PM
RE: Is $db->query() vulnerable? - by Euan T - 2018-12-17, 08:26 PM

Forum Jump:

Users browsing this thread: 1 Guest(s)