Vulnerabilities > Mybulletinboard > High

DATE | CVE | VULNERABILITY TITLE | RISK

2009-06-26 | CVE-2009-2230 | SQL Injection vulnerability in Mybulletinboard | 7.5
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
network | low complexity | mybulletinboard CWE-89

2008-01-22 | CVE-2008-0382 | Code Injection vulnerability in Mybulletinboard | 7.5
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
network | low complexity | mybulletinboard CWE-94

2007-04-24 | CVE-2007-2211 | SQL Injection vulnerability in MyBulletinBoard Calendar.PHP | 7.5
SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.
network | low complexity | mybulletinboard

2007-04-11 | CVE-2007-1963 | SQL-Injection vulnerability in MyBB | 7.5
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
network | low complexity | mybb mybulletinboard

2006-07-24 | CVE-2006-3775 | SQL Injection vulnerability in Mybulletinboard 1.1.5 | 7.5
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.
network | low complexity | mybulletinboard CWE-89

2006-07-21 | CVE-2006-3760 | SQL-Injection vulnerability in Mybulletinboard 1.1.4 | 7.5
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | mybulletinboard

2006-07-21 | CVE-2006-3758 | SQL-Injection vulnerability in Mybulletinboard 1.1.4 | 7.5
inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.
network | low complexity | mybulletinboard

2006-07-07 | CVE-2006-3420 | Cross-Site Request Forgery vulnerability in MyBulletinBoard | 7.5
Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action.
network | low complexity | mybulletinboard

2006-06-27 | CVE-2006-3243 | SQL-Injection vulnerability in MyBulletinBoard | 7.5
SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter.
network | low complexity | mybulletinboard

2006-06-13 | CVE-2006-2908 | Remote PHP Script Code Injection vulnerability in Mybulletinboard 1.1.2 | 7.5
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.
network | low complexity | mybulletinboard