SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMybb Merge System
APPMybb≤ 1.8.6Mybb
APPMybb≤ 1.8.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References
Related vulnerabilities
CVE-2011-10018CRITICAL10.0PL ✓ten sam produkt
MyBB 1.6.4 — backdoor w pakiecie źródłowym umożliwiający RCE
CVE-2020-22612CRITICAL9.8ten sam produkt
Installer RCE on settings file write in MyBB before 1.8.22.
CVE-2017-16780CRITICAL9.8ten sam produkt
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the config...
CVE-2016-9403CRITICAL9.8ten sam produkt
newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attac...
CVE-2015-8974CRITICAL10.0ten sam produkt
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinB...