Vulnerabilities > Mybb > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-29 | CVE-2023-41362 | Code Injection vulnerability in Mybb MyBB before 1.8.36 allows Code Injection by users with certain high privileges. | 7.2 |
| 2023-01-03 | CVE-2022-45867 | Path Traversal vulnerability in Mybb MyBB before 1.8.33 allows Directory Traversal. | 7.2 |
| 2022-10-06 | CVE-2022-39265 | Injection vulnerability in Mybb MyBB is a free and open source forum software. | 7.2 |
| 2022-03-09 | CVE-2022-24734 | Code Injection vulnerability in Mybb MyBB is a free and open source forum software. | 7.2 |
| 2021-11-04 | CVE-2021-43281 | Code Injection vulnerability in Mybb MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. | 7.2 |
| 2021-03-15 | CVE-2021-27948 | SQL Injection vulnerability in Mybb SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. | 7.2 |
| 2021-03-15 | CVE-2021-27947 | SQL Injection vulnerability in Mybb SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. | 7.2 |
| 2021-03-15 | CVE-2021-27946 | SQL Injection vulnerability in Mybb SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. | 8.8 |
| 2021-03-15 | CVE-2021-27890 | SQL Injection vulnerability in Mybb SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files. | 8.8 |
| 2019-06-15 | CVE-2019-12831 | Improper Input Validation vulnerability in Mybb In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE. | 7.2 |