Vulnerabilities > Mybb > Mybb > 1.2.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-07-08 | CVE-2008-3070 | SQL-Injection vulnerability in MyBB Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection. | 7.5 |
2008-07-08 | CVE-2008-3069 | Cross-Site Scripting vulnerability in Mybb Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php. | 4.3 |
2008-02-15 | CVE-2008-0788 | Cross-Site Request Forgery (CSRF) vulnerability in Mybb Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php. | 6.8 |
2008-01-22 | CVE-2008-0383 | SQL Injection vulnerability in Mybb Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php. | 7.5 |