Vulnerabilities > Mybulletinboard > Mybulletinboard > 1.2.10

DATE CVE VULNERABILITY TITLE RISK
2009-06-26 CVE-2009-2230 SQL Injection vulnerability in Mybulletinboard
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
network
low complexity
mybulletinboard CWE-89
7.5
2008-02-15 CVE-2008-0787 SQL Injection vulnerability in Mybulletinboard
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
network
low complexity
mybulletinboard CWE-89
6.5
2008-01-22 CVE-2008-0382 Code Injection vulnerability in Mybulletinboard
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
network
low complexity
mybulletinboard CWE-94
7.5