Vulnerabilities > Mybb > Mybb > 1.2.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-07-08 | CVE-2008-3070 | SQL-Injection vulnerability in MyBB Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection. | 7.5 |
2008-07-08 | CVE-2008-3069 | Cross-Site Scripting vulnerability in Mybb Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php. | 4.3 |
2008-02-15 | CVE-2008-0788 | Cross-Site Request Forgery (CSRF) vulnerability in Mybb Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php. | 6.8 |
2008-01-22 | CVE-2008-0383 | SQL Injection vulnerability in Mybb Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php. | 7.5 |
2007-05-14 | CVE-2007-0689 | Information Disclosure vulnerability in MyBB MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message. | 5.0 |
2007-04-11 | CVE-2007-1963 | SQL-Injection vulnerability in MyBB SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775. | 7.5 |
2007-01-31 | CVE-2007-0622 | Cross-Site Request Forgery vulnerability in Mybb 1.2.2 Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. | 5.0 |