CVE-2008-0383

Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-01-22 20:00

Updated : 2024-02-28 11:01


NVD link : CVE-2008-0383

Mitre link : CVE-2008-0383

CVE.ORG link : CVE-2008-0383


JSON object : View

Products Affected

mybb

  • mybb
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')