Vulnerabilities > Mybb > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2023-09-01 | CVE-2020-22612 | Unspecified vulnerability in Mybb | Installer RCE on settings file write in MyBB before 1.8.22. | network | low complexity | mybb | | critical | 9.8 |
| 2017-11-10 | CVE-2017-16780 | Cross-Site Request Forgery (CSRF) vulnerability in Mybb | The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file. | network | low complexity | mybb | CWE-352 | critical | 9.8 |
| 2017-01-31 | CVE-2016-9420 | Improper Input Validation vulnerability in Mybb Merge System and Mybb | MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to "loose comparison false positives." | network | low complexity | mybb | CWE-20 | critical | 9.8 |
| 2017-01-31 | CVE-2016-9416 | SQL Injection vulnerability in Mybb Merge System and Mybb | SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network | low complexity | mybb | CWE-89 | critical | 9.8 |
| 2017-01-31 | CVE-2016-9412 | Improper Access Control vulnerability in Mybb | MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy. | network | low complexity | mybb | CWE-284 | critical | 9.8 |
| 2017-01-31 | CVE-2016-9403 | Permissions, Privileges, and Access Controls vulnerability in Mybb | newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check. | network | low complexity | mybb | CWE-264 | critical | 9.8 |
| 2017-01-31 | CVE-2016-9402 | SQL Injection vulnerability in Mybb | SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | network | low complexity | mybb | CWE-89 | critical | 9.8 |
| 2017-01-31 | CVE-2015-8974 | SQL Injection vulnerability in Mybb Merge System and Mybb | SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network | low complexity | mybb | CWE-89 | critical | 10.0 |