Vulnerabilities > Mybulletinboard > Mybulletinboard > 1.1.2

DATE CVE VULNERABILITY TITLE RISK
2009-06-26 CVE-2009-2230 SQL Injection vulnerability in Mybulletinboard
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
network
low complexity
mybulletinboard CWE-89
7.5
2008-02-15 CVE-2008-0787 SQL Injection vulnerability in Mybulletinboard
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
network
low complexity
mybulletinboard CWE-89
6.5
2008-01-22 CVE-2008-0382 Code Injection vulnerability in Mybulletinboard
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
network
low complexity
mybulletinboard CWE-94
7.5
2006-09-25 CVE-2006-4972 Cross-Site Scripting vulnerability in MyBulletinBoard
Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.
network
high complexity
mybulletinboard
5.1
2006-09-25 CVE-2006-4971 Information Disclosure vulnerability in MyBulletinBoard
MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.
network
low complexity
mybulletinboard
5.0
2006-08-01 CVE-2006-3954 Directory Traversal vulnerability in MyBulletinBoard
Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a ..
network
low complexity
mybulletinboard
5.0
2006-08-01 CVE-2006-3953 Cross-Site Scripting vulnerability in MyBulletinBoard UserCP.PHP
Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
network
mybulletinboard
4.3
2006-07-21 CVE-2006-3761 Cross-Site Scripting vulnerability in Mybulletinboard
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript".
4.3
2006-07-07 CVE-2006-3420 Cross-Site Request Forgery vulnerability in MyBulletinBoard
Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action.
network
low complexity
mybulletinboard
7.5
2006-06-27 CVE-2006-3243 SQL-Injection vulnerability in MyBulletinBoard
SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter.
network
low complexity
mybulletinboard
7.5