Vulnerabilities > Mybb > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-29 CVE-2023-41362 Code Injection vulnerability in Mybb
MyBB before 1.8.36 allows Code Injection by users with certain high privileges.
network
low complexity
mybb CWE-94
7.2
2023-01-03 CVE-2022-45867 Path Traversal vulnerability in Mybb
MyBB before 1.8.33 allows Directory Traversal.
network
low complexity
mybb CWE-22
7.2
2022-10-06 CVE-2022-39265 Unspecified vulnerability in Mybb
MyBB is a free and open source forum software.
network
low complexity
mybb
7.2
2022-03-09 CVE-2022-24734 Unspecified vulnerability in Mybb
MyBB is a free and open source forum software.
network
low complexity
mybb
7.2
2021-11-04 CVE-2021-43281 Code Injection vulnerability in Mybb
MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission.
network
low complexity
mybb CWE-94
7.2
2021-03-15 CVE-2021-27948 SQL Injection vulnerability in Mybb
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups.
network
low complexity
mybb CWE-89
7.2
2021-03-15 CVE-2021-27947 SQL Injection vulnerability in Mybb
SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management.
network
low complexity
mybb CWE-89
7.2
2021-03-15 CVE-2021-27946 SQL Injection vulnerability in Mybb
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count.
network
low complexity
mybb CWE-89
8.8
2021-03-15 CVE-2021-27890 SQL Injection vulnerability in Mybb
SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.
network
low complexity
mybb CWE-89
8.8
2019-06-15 CVE-2019-12831 Improper Input Validation vulnerability in Mybb
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.
network
low complexity
mybb CWE-20
7.2