Total
123 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4569 | 2 Mybb, Tom K | 2 Mybb, Forum Userbar Plugin | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter. | |||||
| CVE-2010-4624 | 1 Mybb | 1 Mybb | 2024-02-28 | 3.5 LOW | N/A |
| MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created. | |||||
| CVE-2008-4929 | 1 Mybb | 1 Mybb | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames. | |||||
| CVE-2008-4928 | 1 Mybb | 1 Mybb | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection. | |||||
| CVE-2008-3965 | 1 Mybb | 1 Mybb | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field. | |||||
| CVE-2008-4930 | 1 Mybb | 1 Mybb | 2024-02-28 | 5.0 MEDIUM | N/A |
| MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks. | |||||
| CVE-2008-3967 | 1 Mybb | 1 Mybb | 2024-02-28 | 7.5 HIGH | N/A |
| moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors. | |||||
| CVE-2008-3070 | 1 Mybb | 1 Mybb | 2024-02-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection. | |||||
| CVE-2008-3069 | 1 Mybb | 1 Mybb | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php. | |||||
| CVE-2008-3966 | 1 Mybb | 1 Mybb | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php. | |||||
| CVE-2008-3334 | 1 Mybb | 1 Mybb | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php. | |||||
| CVE-2008-3071 | 1 Mybb | 1 Mybb | 2024-02-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable. | |||||
| CVE-2008-0788 | 1 Mybb | 1 Mybb | 2024-02-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php. | |||||
| CVE-2007-0689 | 1 Mybb | 1 Mybb | 2024-02-28 | 5.0 MEDIUM | N/A |
| MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message. | |||||
| CVE-2008-0383 | 1 Mybb | 1 Mybb | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php. | |||||
| CVE-2007-2212 | 1 Mybb | 1 Mybb | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1963 | 2 Mybb, Mybulletinboard | 2 Mybb, Mybulletinboard | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775. | |||||
| CVE-2007-0622 | 1 Mybb | 1 Mybb | 2024-02-28 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1964 | 2 Mybb, Mybulletinboard | 2 Mybb, Mybulletinboard | 2024-02-28 | 6.0 MEDIUM | N/A |
| member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output. | |||||
| CVE-2007-0544 | 1 Mybb | 1 Mybb | 2024-02-28 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949. | |||||