Vulnerabilities > Mybulletinboard > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-04-21 | CVE-2006-1974 | SQL Injection vulnerability in MyBB Index.PHP Referrer Cookie: SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter. | 7.5 |
2006-03-02 | CVE-2006-0959 | SQL Injection vulnerability in Mybulletinboard 1.0.3/1.0.4: SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. | 7.5 |
2006-02-02 | CVE-2006-0523 | SQL-Injection vulnerability in MyBulletinBoard: SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable. | 7.5 |
2006-01-16 | CVE-2006-0219 | SQL Injection vulnerability in MyBB Usercp.PHP: The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php. | 7.5 |
2005-12-31 | CVE-2005-4602 | SQL Injection vulnerability in MyBB File Upload: SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment. | 7.5 |
2005-10-27 | CVE-2005-3326 | SQL Injection vulnerability in MyBulletinBoard Usercp.PHP: SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter. | 7.5 |
2005-09-14 | CVE-2005-2888 | SQL-Injection vulnerability in MyBB: Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php. | 7.5 |
2005-09-02 | CVE-2005-2778 | SQL Injection vulnerability in MyBB Member.PHP: SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL statements via the fid parameter. | 7.5 |
2005-08-26 | CVE-2005-2697 | SQL Injection vulnerability in MyBulletinBoard Search.PHP: SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. | 7.5 |
2005-08-16 | CVE-2005-2580 | SQL Injection vulnerability in Mybulletinboard 1.00Rc4Securitypatch: Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php. | 7.5 |