[原文]search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters.
MyBulletinBoard (MyBB) contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides malformed input to the search.php script, which may disclose the database table prefix in an SQL error message. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
Upgrade to version 1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.