Unrated severityNVD Advisory· Published Dec 4, 2013· Updated Apr 29, 2026

CVE-2013-6936

Description

Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.

Affected products

MyBB/Ajax Forum Stat
cpe:2.3:a:mybb:ajax_forum_stat:2.0:-:*:*:*:mybb:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.htmlnvdExploit
seclists.org/bugtraq/2013/Nov/102nvdExploit
www.exploit-db.com/exploits/29797nvdExploit
osvdb.org/100030nvd
www.iedb.ir/exploits-889.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/89084nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000