Vulnerabilities > Mybb
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-09-11 | CVE-2008-3966 | Cross-Site Scripting vulnerability in Mybb Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php. | 4.3 |
2008-09-11 | CVE-2008-3965 | SQL Injection vulnerability in Mybb SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field. | 7.5 |
2008-07-27 | CVE-2008-3334 | Cross-Site Scripting vulnerability in Mybb Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php. | 4.3 |
2008-07-08 | CVE-2008-3071 | Path Traversal vulnerability in Mybb Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable. | 7.5 |
2008-07-08 | CVE-2008-3070 | SQL-Injection vulnerability in MyBB Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection. | 7.5 |
2008-07-08 | CVE-2008-3069 | Cross-Site Scripting vulnerability in Mybb Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php. | 4.3 |
2008-02-15 | CVE-2008-0788 | Cross-Site Request Forgery (CSRF) vulnerability in Mybb Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php. | 6.8 |
2008-01-22 | CVE-2008-0383 | SQL Injection vulnerability in Mybb Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php. | 7.5 |
2007-05-14 | CVE-2007-0689 | Information Disclosure vulnerability in MyBB MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message. | 5.0 |
2007-04-24 | CVE-2007-2212 | SQL-Injection vulnerability in Mybb 1.2.5 Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. | 7.5 |