Vulnerabilities > Mybulletinboard

DATE CVE VULNERABILITY TITLE RISK
2009-06-26 CVE-2009-2230 SQL Injection vulnerability in Mybulletinboard
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
network
low complexity
mybulletinboard CWE-89
7.5
2008-02-15 CVE-2008-0787 SQL Injection vulnerability in Mybulletinboard
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
network
low complexity
mybulletinboard CWE-89
6.5
2008-01-22 CVE-2008-0382 Code Injection vulnerability in Mybulletinboard
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
network
low complexity
mybulletinboard CWE-94
7.5
2007-04-24 CVE-2007-2211 SQL Injection vulnerability in MyBulletinBoard Calendar.PHP
SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.
network
low complexity
mybulletinboard
7.5
2007-04-11 CVE-2007-1964 Denial-Of-Service vulnerability in MyBulletinBoard
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
6.0
2007-04-11 CVE-2007-1963 SQL-Injection vulnerability in MyBB
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
network
low complexity
mybb mybulletinboard
7.5
2006-09-25 CVE-2006-4972 Cross-Site Scripting vulnerability in MyBulletinBoard
Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.
network
high complexity
mybulletinboard
5.1
2006-09-25 CVE-2006-4971 Information Disclosure vulnerability in MyBulletinBoard
MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.
network
low complexity
mybulletinboard
5.0
2006-09-12 CVE-2006-4707 Cross-Site Scripting vulnerability in Mybulletinboard 1.1.7
Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).
network
mybulletinboard
6.8
2006-09-12 CVE-2006-4706 Cross-Site Scripting vulnerability in Mybulletinboard 1.1.7
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761.
network
mybulletinboard
6.8