SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HMybb Merge System
APPMybb≤ 1.8.5Mybb
APPMybb1.8.01.8.11.8.21.8.31.8.41.8.5≤ 1.6.17
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje
Powiązane podatności
CVE-2011-10018CRITICAL10.0PL ✓ten sam produkt
MyBB 1.6.4 — backdoor w pakiecie źródłowym umożliwiający RCE
CVE-2020-22612CRITICAL9.8ten sam produkt
Installer RCE on settings file write in MyBB before 1.8.22.
CVE-2017-16780CRITICAL9.8ten sam produkt
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the config...
CVE-2016-9403CRITICAL9.8ten sam produkt
newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attac...
CVE-2016-9402CRITICAL9.8ten sam produkt
SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge S...