MidnightBSD

Advisories for mybboard

CVE-2008-6198 HIGH

SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
mybboard custom_pages_plugin 1.0
CVE-2009-4449 MEDIUM

Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
mybboard mybb 1.4.10
CVE-2010-5096 HIGH

Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
mybb mybb 1.1.5
mybb mybb 1.0
mybb mybb 1.1.7
mybb mybb 1.4.4
mybb mybb 1.2.4
mybb mybb 1.2
mybb mybb 1.04
mybb mybb 1.4.5
mybboard mybb 1.4.10
mybb mybb 1.4.10
mybb mybb 1.4.11
mybb mybb 1.00
mybb mybb 1.5.1
mybb mybb 1.01
mybb mybb 1.1.0
mybb mybb 1.4.6
mybb mybb 1.2.8
mybb mybb 1.4.1
mybb mybb 1.2.13
mybb mybb 1.2.7
mybb mybb 1.3
mybb mybb 1.2.9
mybb mybb 1.02
mybb mybb 1.2.5
mybb mybb 1.5.2
mybb mybb 1.03
mybb mybb *
mybb mybb 1.2.12
mybb mybb 1.4.3
mybb mybb 1.1.3
mybb mybb 1.4.8
mybb mybb 1.2.3
mybb mybb 1.4.2
mybb mybb 1.2.1
mybb mybb 1.4.16
mybb mybb 1.4.14
mybb mybb 1.1.1
mybb mybb 1.2.6
mybb mybb 1.2.11
mybb mybb 1.4.7
mybb mybb 1.1.2
mybb mybb 1.4.12
mybb mybb 1.4.0
mybb mybb 1.4.9
mybb mybb 1.2.0
mybb mybb 1.4.15
mybb mybb 1.1.4
mybb mybb 1.1.6
mybb mybb 1.2.14
mybboard mybb 1.4.3
mybb mybb 1.4.13
mybb mybb 1.2.10
mybb mybb 1.1.8
mybb mybb 1.2.2