Vulnerabilities > Mybulletinboard > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-04-29 | CVE-2006-2103 | SQL Injection vulnerability in Mybulletinboard 1.1.1 SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php. | 2.1 |
| 2006-03-19 | CVE-2006-1281 | Input Validation vulnerability in MyBB Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. network mybulletinboard | 3.5 |
| 2006-02-18 | CVE-2006-0770 | Cross-Site Scripting vulnerability in MyBulletinBoard Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". | 2.6 |