Vulnerabilites related to mybb - mybb
Vulnerability from fkie_nvd
Published
2018-06-26 16:29
Modified
2024-11-21 03:40
Severity ?
Summary
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "53F2488B-06DA-4FB0-A5DE-3953F1FA2193", versionEndExcluding: "1.8.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15.", }, { lang: "es", value: "MyBB Group MyBB contiene una vulnerabilidad de inclusión de archivos en el panel de administrador (Tools and Maintenance -> Task Manager -> Add New Task) que puede resultar en que se permita la inclusión de archivos locales en versiones modernas de PHP y la inclusión de archivos remota en versiones antiguas de PHP. Para explotar este ataque, el atacante debe tener acceso al panel de administración. La vulnerabilidad parece haber sido solucionada en la versión 1.8.15.", }, ], id: "CVE-2018-1000502", lastModified: "2024-11-21T03:40:03.663", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-26T16:29:00.447", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-829", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-04-11 10:19
Modified
2024-11-21 00:29
Severity ?
Summary
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybulletinboard | mybulletinboard | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "B0EDA88C-D8F0-4914-8FC6-BB5C0D1E0D33", versionEndIncluding: "1.2.3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybulletinboard:mybulletinboard:*:*:*:*:*:*:*:*", matchCriteriaId: "890AE1FD-307D-41A4-AF91-397EDAFFCF10", versionEndIncluding: "1.2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en la función create_session en class_session.php de MyBB (también conocido como MyBulletinBoard) 1.2.3 y anteriores permite a atacantes remotos ejecutar comandos sql de su elección mediante la cabecera HTTP Client-IP, como ha sido utilizado por index.php, un asunto relacionado con CVE-2006-3775.", }, ], id: "CVE-2007-1963", lastModified: "2024-11-21T00:29:34.093", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-04-11T10:19:00.000", references: [ { source: "cve@mitre.org", url: "http://community.mybboard.net/attachment.php?aid=5842", }, { source: "cve@mitre.org", url: "http://community.mybboard.net/showthread.php?tid=18002", }, { source: "cve@mitre.org", url: "http://osvdb.org/34657", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/24689", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/464563/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2007/1244", }, { source: "cve@mitre.org", url: "https://www.exploit-db.com/exploits/3653", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.mybboard.net/attachment.php?aid=5842", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.mybboard.net/showthread.php?tid=18002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/34657", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/24689", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/464563/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/1244", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/3653", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a short name.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94396 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94396 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Patch, Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "FC4E25F3-7C9D-45E3-8330-961A56BC3C48", versionEndIncluding: "1.8.7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "78D16782-41C7-4001-8DD1-C7A09B347733", versionEndIncluding: "1.8.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", matchCriteriaId: "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a short name.", }, { lang: "es", value: "MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.8 en Windows y MyBB Merge System en versiones anteriores a 1.8.8 en Windows podrían permitir a atacantes remotos obtener información sensible de las copias de seguridad de ACP a través de vectores que implican un nombre corto.", }, ], id: "CVE-2016-9418", lastModified: "2024-11-21T03:01:09.650", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.640", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94396", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-15 18:29
Modified
2024-11-21 04:23
Severity ?
Summary
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/ | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/ | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/ | Exploit, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "438D60BF-E8A0-41F9-AE8E-B17569ECD586", versionEndExcluding: "1.8.21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.", }, { lang: "es", value: "En MyBB anterior a 1.8.21, un atacante puede aprovechar un fallo de análisis en el renderizador de Publicación y Mensaje Privado que conlleva a un ataque XSS persistente de BBCode de [video] para controlar cualquier cuenta del foro, también se conoce como un problema de video anidado de MyCode.", }, ], id: "CVE-2019-12830", lastModified: "2024-11-21T04:23:40.527", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 5.8, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-15T18:29:00.220", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-22 00:15
Modified
2024-11-21 07:27
Severity ?
Summary
MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mybb/mybb/security/advisories/GHSA-p9m7-9qv4-x93w | Patch, Third Party Advisory | |
| cve@mitre.org | https://mybb.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/GHSA-p9m7-9qv4-x93w | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mybb.com | Product |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "81E81B96-4E85-4D0F-BEB7-D2A8E71DDD02", versionEndExcluding: "1.8.32", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name", }, { lang: "es", value: "MyBB 1.8.31 tiene (problema 2 de 2) vulnerabilidades de Cross-Site Scripting (XSS) en la interfaz de archivos adjuntos que permite a los atacantes inyectar HTML persuadiendo al usuario a cargar un archivo con un nombre especialmente manipulado.", }, ], id: "CVE-2022-43708", lastModified: "2024-11-21T07:27:06.080", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-22T00:15:12.007", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-p9m7-9qv4-x93w", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://mybb.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-p9m7-9qv4-x93w", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://mybb.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "716986AC-5E6D-4DDD-A553-B88981BDE788", versionEndIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2212E819-C064-4963-BCD2-214F09A46902", versionEndIncluding: "1.8.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs.", }, { lang: "es", value: "Vulnerabilidad de XSS en el panel de control de Admin en MyBB (aka MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 podrían permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores que implican registros de poda.", }, ], id: "CVE-2016-9409", lastModified: "2024-11-21T03:01:08.303", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.297", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving editing users.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "716986AC-5E6D-4DDD-A553-B88981BDE788", versionEndIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2212E819-C064-4963-BCD2-214F09A46902", versionEndIncluding: "1.8.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving editing users.", }, { lang: "es", value: "Vulnerabilidad de XSS en el panel de control Mod en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 podrían permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores que implican a usuarios de edición.", }, ], id: "CVE-2016-9408", lastModified: "2024-11-21T03:01:08.153", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.267", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-11-10 23:29
Modified
2024-11-21 03:16
Severity ?
Summary
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/43136/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43136/ | Exploit, Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "52EEFACF-D046-478B-801D-CC39CAAD6555", versionEndIncluding: "1.8.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.", }, { lang: "es", value: "El instalador en MyBB en versiones anteriores a la 1.8.13 permite que atacantes remotos ejecuten código arbitrario escribiendo en el archivo de configuración.", }, ], id: "CVE-2017-16780", lastModified: "2024-11-21T03:16:57.450", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-11-10T23:29:00.243", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43136/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43136/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-01-22 20:00
Modified
2024-11-21 00:41
Severity ?
Summary
Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "9002DF3E-BDC7-4653-8C32-EC20CAFD436D", versionEndIncluding: "1.2.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php.", }, { lang: "es", value: "Múltiples vulnerabilidades de inyección SQL en MyBB 1.2.10 y anteriores permite a moderadores remotos y administradores ejecutar comnandos SQL a través del parámetros (1)mergepost en una acción do_mergepostsm (2) parámetro rid en una acción allreports, o (3) parámetro threads en una acción do_multimovethreads en (a) moderation.php; o parámetro (4)gid en (b) admin/usergroups.php.", }, ], id: "CVE-2008-0383", lastModified: "2024-11-21T00:41:57.557", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-01-22T20:00:00.000", references: [ { source: "cve@mitre.org", url: "http://community.mybboard.net/showthread.php?tid=27227", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/28509", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/3558", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/486433/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/27323", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.waraxe.us/advisory-62.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39728", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.mybboard.net/showthread.php?tid=27227", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/28509", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/3558", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/486433/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/27323", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.waraxe.us/advisory-62.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39728", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39729", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-26 16:29
Modified
2024-11-21 03:40
Severity ?
Summary
MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "53F2488B-06DA-4FB0-A5DE-3953F1FA2193", versionEndExcluding: "1.8.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15.", }, { lang: "es", value: "MyBB Group MyBB contiene una vulnerabilidad de control de acceso incorrecto en los foros privados que puede resultar en que los usuarios puedan ver foros privados sin tener la contraseña. Este ataque parece ser explotable mediante una suscripción a un foro mediante IDOR. La vulnerabilidad parece haber sido solucionada en la versión 1.8.15.", }, ], id: "CVE-2018-1000503", lastModified: "2024-11-21T03:40:03.803", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-26T16:29:00.523", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-03-18 14:59
Modified
2024-11-21 02:26
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) MIME-type field in an add action in the config-attachment_types module to admin/index.php; (2) title or (3) short description field in an add action in the (a) config-mycode or (b) user-groups module to admin/index.php; (4) title field in an add action in the (c) forum-management or (d) tool-tasks module to admin/index.php; (5) name field in an add_set action in the style-templates module to admin/index.php; (6) title field in an add_template_group action in the style-templates module to admin/index.php; (7) name field in an add action in the config-post_icons module to admin/index.php; (8) "title to assign" field in an add action in the user-titles module to admin/index.php; or (9) username field in the config-banning module to admin/index.php.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "AEC41207-93E4-416F-9670-6AC626CF0700", versionEndIncluding: "1.8.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) MIME-type field in an add action in the config-attachment_types module to admin/index.php; (2) title or (3) short description field in an add action in the (a) config-mycode or (b) user-groups module to admin/index.php; (4) title field in an add action in the (c) forum-management or (d) tool-tasks module to admin/index.php; (5) name field in an add_set action in the style-templates module to admin/index.php; (6) title field in an add_template_group action in the style-templates module to admin/index.php; (7) name field in an add action in the config-post_icons module to admin/index.php; (8) \"title to assign\" field in an add action in the user-titles module to admin/index.php; or (9) username field in the config-banning module to admin/index.php.", }, { lang: "es", value: "Múltiples vulnerabilidades de XSS en el backend administrativo en MyBB (también conocido como MyBulletinBoard) anterior a 1.8.4 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través (1) del campo MIME-type en una acción de añadir en el modulo config-attachment_types en admin/index.php; (2) del campo title o (3) short description en una acción de añadir en el módulo (a) config-mycode o (b) user-groups en admin/index.php; (4) del campo title en una acción de añadir en el módulo (c) forum-management o (d) tool-tasks en admin/index.php; (5) del campo name en una acción de añadir en el módulo style-templates en admin/index.php; (6) del campo title en una acción add_template_group en el módulo style-templates en admin/index.php; (7) del campo name en una acción de añadir en el módulo config-post_icons en admin/index.php; (8) del campo 'title to assign' en una acción de añadir en el módulo user-titles en admin/index.php; o (9) del campo username en el módulo config-banning en admin/index.php.", }, ], id: "CVE-2015-2149", lastModified: "2024-11-21T02:26:52.613", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-03-18T14:59:00.077", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://seclists.org/fulldisclosure/2015/Feb/80", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://seclists.org/oss-sec/2015/q1/629", }, { source: "cve@mitre.org", url: "http://seclists.org/oss-sec/2015/q1/705", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://sroesemann.blogspot.de/2015/02/sroeadv-2015-15.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/72738", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1031953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://seclists.org/fulldisclosure/2015/Feb/80", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://seclists.org/oss-sec/2015/q1/629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/oss-sec/2015/q1/705", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://sroesemann.blogspot.de/2015/02/sroeadv-2015-15.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/72738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1031953", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-06 16:59
Modified
2024-11-21 03:32
Severity ?
Summary
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "EA5913D3-77D8-4093-9225-0B1BDE2A9B5B", versionEndIncluding: "1.8.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.", }, { lang: "es", value: "MyBB en versiones anteriores a 1.8.11 permite a atacantes remotos evitar un mecanismo de protección SSRF.", }, ], id: "CVE-2017-7566", lastModified: "2024-11-21T03:32:10.910", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.1, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-06T16:59:00.157", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97480", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/mybb/mybb/commit/f5de8fc2aad11e0d2583f585535ccfa2b46325db#diff-7fe6e55397c77ab9a0f5d57bc4cbe5b9R6781", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170407-0_MyBB_SSRF_vulnerability_v10.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97480", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/mybb/mybb/commit/f5de8fc2aad11e0d2583f585535ccfa2b46325db#diff-7fe6e55397c77ab9a0f5d57bc4cbe5b9R6781", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170407-0_MyBB_SSRF_vulnerability_v10.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-10 22:15
Modified
2024-11-21 05:04
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. After upgrading MyBB to 1.8.24, make sure to update the version attribute in the `codebuttons` template for non-default themes to serve the latest version of the patched `jscripts/bbcodes_sceditor.js` file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/mybb/mybb/commit/37ad29dcd25489a37bdd89ebac761f22492558b0 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/mybb/mybb/security/advisories/GHSA-37h7-vfv6-f8rj | Patch, Third Party Advisory | |
| security-advisories@github.com | https://mybb.com/versions/1.8.24/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/commit/37ad29dcd25489a37bdd89ebac761f22492558b0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/GHSA-37h7-vfv6-f8rj | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mybb.com/versions/1.8.24/ | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "C4357014-50F7-4CE1-A839-1853651C2685", versionEndExcluding: "1.8.24", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. After upgrading MyBB to 1.8.24, make sure to update the version attribute in the `codebuttons` template for non-default themes to serve the latest version of the patched `jscripts/bbcodes_sceditor.js` file.", }, { lang: "es", value: "En MyBB anterior a la versión 1.8.24, el MyCode (BBCode) personalizado para el editor visual no escapa la entrada correctamente cuando renderiza HTML, lo que genera una vulnerabilidad de tipo XSS basada en DOM. La debilidad puede ser explotada señalando a la víctima a una página donde el editor visual está activo (por ejemplo, como una publicación o un Mensaje Privado) y opera en un mensaje MyCode diseñado con fines maliciosos. Esto puede ocurrir en páginas donde el contenido del mensaje se rellena previamente usando un parámetro GET/POST, o en páginas de respuesta donde un mensaje malicioso previamente guardado es citado. Después de actualizar MyBB a la versión 1.8.24, asegúrese de actualizar el atributo de versión en la plantilla \"codebuttons\" para que los temas no predeterminados sirvan la última versión del archivo \"jscripts/bbcodes_sceditor.js\" parcheado", }, ], id: "CVE-2020-15139", lastModified: "2024-11-21T05:04:55.650", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-10T22:15:14.223", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/commit/37ad29dcd25489a37bdd89ebac761f22492558b0", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-37h7-vfv6-f8rj", }, { source: "security-advisories@github.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://mybb.com/versions/1.8.24/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/commit/37ad29dcd25489a37bdd89ebac761f22492558b0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-37h7-vfv6-f8rj", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://mybb.com/versions/1.8.24/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-01-29 17:28
Modified
2024-11-21 00:26
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.", }, { lang: "es", value: "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en private.php de MyBB (también conocido como MyBulletinBoard) permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elección a través del campo Asunto (Subject), un vector distinto de CVE-2006-2949.", }, ], id: "CVE-2007-0544", lastModified: "2024-11-21T00:26:08.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-01-29T17:28:00.000", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/32967", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/23934", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/28837", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/457929/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/22205", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31740", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/32967", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/23934", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/28837", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/457929/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/22205", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31740", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-02-08 07:29
Modified
2024-11-21 04:11
Severity ?
Summary
MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://websecnerd.blogspot.com/2018/02/mybb-forum-1.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://websecnerd.blogspot.com/2018/02/mybb-forum-1.html | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.8.14:*:*:*:*:*:*:*", matchCriteriaId: "8DF54ECF-097F-490E-8657-655328421CF9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen.", }, { lang: "es", value: "MyBB 1.8.14 tiene XSS mediante los campos Title o Description en la pantalla Edit Forum.", }, ], id: "CVE-2018-6844", lastModified: "2024-11-21T04:11:16.870", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-02-08T07:29:01.257", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://websecnerd.blogspot.com/2018/02/mybb-forum-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://websecnerd.blogspot.com/2018/02/mybb-forum-1.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-24 18:59
Modified
2024-11-21 03:33
Severity ?
Summary
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2017/Apr/53 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Apr/53 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/ | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "EA5913D3-77D8-4093-9225-0B1BDE2A9B5B", versionEndIncluding: "1.8.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.", }, { lang: "es", value: "En MyBB en versiones anteriores a 1.8.11, el componente Email MyCode permite XSS, como lo demuestra un evento onmouseover.", }, ], id: "CVE-2017-8103", lastModified: "2024-11-21T03:33:19.750", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-24T18:59:00.837", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/fulldisclosure/2017/Apr/53", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/fulldisclosure/2017/Apr/53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-15 18:15
Modified
2024-11-21 05:58
Severity ?
Summary
Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mybb/mybb/security/advisories/GHSA-cmmr-39v8-8rx2 | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/GHSA-cmmr-39v8-8rx2 | Patch, Release Notes, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "E92578FF-AAA5-4F8F-8D78-0662DB9BB02C", versionEndExcluding: "1.8.26", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools.", }, { lang: "es", value: "Una vulnerabilidad de tipo Cross-site Scripting en MyBB versiones anteriores a 1.8.26, por medio de las herramientas de moderación Custom", }, ], id: "CVE-2021-27949", lastModified: "2024-11-21T05:58:53.907", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-15T18:15:18.957", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-cmmr-39v8-8rx2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-cmmr-39v8-8rx2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-03 20:15
Modified
2024-11-21 07:29
Severity ?
Summary
MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mybb/mybb/security/advisories/GHSA-cpfv-6f8w-759r | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/GHSA-cpfv-6f8w-759r | Patch, Release Notes, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "BABCA8C2-04EA-4394-A354-A9B9B4F1BADB", versionEndExcluding: "1.8.33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution.", }, { lang: "es", value: "MyBB anterior a 1.8.33 permite Directory Traversal. El módulo Admin CP Languages permite a los usuarios remotos autenticados, con altos privilegios, lograr la inclusión y ejecución de archivos locales.", }, ], id: "CVE-2022-45867", lastModified: "2024-11-21T07:29:51.900", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-03T20:15:10.340", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-cpfv-6f8w-759r", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-cpfv-6f8w-759r", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-09-11 01:13
Modified
2024-11-21 00:50
Severity ?
Summary
SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "BE928783-BD14-4BCD-BC6E-13E406431705", versionEndIncluding: "1.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*", matchCriteriaId: "4E080342-93CD-4E74-AE60-5858738CE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en misc.php de MyBB (también conocido como MyBulletinBoard) anterior a 1.4.1 permite a atacantes remotos ejecutar comandos SQL de su elección mediante cierto editor de campos.", }, ], evaluatorSolution: "Patch information - http://community.mybboard.net/showthread.php?tid=36022", id: "CVE-2008-3965", lastModified: "2024-11-21T00:50:35.583", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-09-11T01:13:47.663", references: [ { source: "cve@mitre.org", url: "http://community.mybboard.net/attachment.php?aid=10579", }, { source: "cve@mitre.org", url: "http://community.mybboard.net/showthread.php?tid=36022", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31760", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/09/09/1", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/09/09/9", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/31104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.mybboard.net/attachment.php?aid=10579", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.mybboard.net/showthread.php?tid=36022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31760", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/09/09/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/09/09/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/31104", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-31 14:15
Modified
2024-11-21 05:08
Severity ?
Summary
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/joelister/bug/issues/2 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/joelister/bug/issues/2 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.8.20:*:*:*:*:*:*:*", matchCriteriaId: "9588B1DB-5ED6-43CE-8B95-78989C75A59E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the \"Description\" field found in the \"Add New Forum\" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.", }, { lang: "es", value: "Una vulnerabilidad de tipo Cross Site Scripting (XSS) en MyBB versión v1.8.20, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del campo \"Description\" que se encuentra en la página \"Add New Forum\" haciendo una petición HTTP POST autenticada a \"/Upload/admin/index.php?module=forum-management&action=add\"", }, ], id: "CVE-2020-19049", lastModified: "2024-11-21T05:08:56.127", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-31T14:15:25.390", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/joelister/bug/issues/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/joelister/bug/issues/2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-11-04 21:00
Modified
2024-11-21 00:52
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection.", }, { lang: "es", value: "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función \"redirect\" de functions.php de MyBB (también conocido como MyBulletinBoard) v1.4.2; permite a atacantes remotos inyectar secuencias de comandos Web o HTML a través del parámetro \"url\" en una acción \"removesubscriptions\" (eliminar las suscripciones) de moderation.php. Está relacionado con el uso de la opción ajax para solicitar una redirección JavaScript. NOTA: Esto puede ser empleado para ejecutar código PHP y evitar la protección de falsificación de petición en sitios cruzados (CSRF).", }, ], id: "CVE-2008-4928", lastModified: "2024-11-21T00:52:51.880", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2008-11-04T21:00:05.907", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0212.html", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/11/01/2", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/31935", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/2967", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0212.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/11/01/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/31935", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2967", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "716986AC-5E6D-4DDD-A553-B88981BDE788", versionEndIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2212E819-C064-4963-BCD2-214F09A46902", versionEndIncluding: "1.8.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de XSS en el panel de control de User en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 podrían permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2016-9406", lastModified: "2024-11-21T03:01:07.857", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.173", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-13 18:55
Modified
2024-11-21 01:38
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.2.14 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.3 | |
| mybb | mybb | 1.04 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.1 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.4 | |
| mybb | mybb | 1.4.5 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.7 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 | |
| mybb | mybb | 1.4.11 | |
| mybb | mybb | 1.4.12 | |
| mybb | mybb | 1.4.13 | |
| mybb | mybb | 1.4.14 | |
| mybb | mybb | 1.4.15 | |
| mybb | mybb | 1.4.16 | |
| mybb | mybb | 1.5.1 | |
| mybb | mybb | 1.5.2 | |
| mybb | mybb | 1.6.1 | |
| mybb | mybb | 1.6.2 | |
| mybb | mybb | 1.6.3 | |
| mybb | mybb | 1.6.4 | |
| mybb | mybb | 1.6.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "ACDC3261-4AA6-48DD-AF97-EF346DBC3FDD", versionEndIncluding: "1.6.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:beta4:*:*:*:*:*:*", matchCriteriaId: "C14F8B95-1A33-4DA8-8DE4-35C7DC3590CF", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr1:*:*:*:*:*:*", matchCriteriaId: "CD7728CD-1FA0-4428-B3FC-883781A699CD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr2:*:*:*:*:*:*", matchCriteriaId: "0883675F-9442-49E7-8471-C205B7EA201D", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "B85E419B-F9D3-4839-A15C-F22BF9DABFAC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "EAB8B860-71DC-4F45-9E2A-74BD1C2ED893", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc3:*:*:*:*:*:*", matchCriteriaId: "C67749DF-F8AF-4C88-A120-0F48307C58E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc4:*:*:*:*:*:*", matchCriteriaId: "FD0820A0-5D85-446F-9B7E-F8DB258A1178", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "71FD2842-7E00-440F-8A93-9D3F45A004DB", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.3:pre-1.0:*:*:*:*:*:*", matchCriteriaId: "16C45BFE-A083-4DC8-A2E5-9BCE543F5AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "4C5965DE-D9B6-4074-B14B-ABCAAAAB872B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "853E94FE-A56F-44B0-87FE-DE5927B7A547", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "49C7F758-9E38-4870-85C3-11E350F96641", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "58C9C804-6901-412C-B178-183417BD5C04", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "2021275B-D61A-4309-8876-5354E115CB29", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "7925DEA1-8062-45C9-94E7-19D8FACEAFCD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "D35E537F-0F49-40AB-9E97-7898D91353D1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "BCDC1181-A2B7-4D1B-B2BF-DAC9E58E88C3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "57C37D10-B945-4674-A846-BCEC573FF93C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "4FD245B9-1381-4A1B-AF47-F28349FA6F52", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "2AFD7848-56E4-4608-82E7-CFF46A8809AC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "CC489F94-3545-4E1A-AE9E-B88EB1A7D516", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FBEB75D4-FAA4-4A5B-AA0A-57EE8EE88E61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "00E51ABC-9F77-4028-BE47-D5BFD4FEC749", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "E0BD20D9-0DFC-451F-9C71-38C6D0236CF2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.4:*:*:*:*:*:*:*", matchCriteriaId: "FDFE35CB-05CC-4E6F-B188-1141773E7F10", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.5:*:*:*:*:*:*:*", matchCriteriaId: "22A90F66-DAE9-45FC-B255-390D569CCC56", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.", }, { lang: "es", value: "Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el Panel de control de administración (ACP) en MyBB (También conocido como MyBulletinBoard) antes de v1.6.7 permite a los administradores remotos inyectar secuencias de comandos web o HTML a través de un nombre de archivo con formato incorrecto en un archivo adjunto huérfano.\r\n", }, ], id: "CVE-2012-2326", lastModified: "2024-11-21T01:38:53.763", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-08-13T18:55:03.567", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/53417", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/53417", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors related to login.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "716986AC-5E6D-4DDD-A553-B88981BDE788", versionEndIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2212E819-C064-4963-BCD2-214F09A46902", versionEndIncluding: "1.8.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors related to login.", }, { lang: "es", value: "Vulnerabilidad de XSS en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 podrían permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con el inicio de sesión.", }, ], id: "CVE-2016-9404", lastModified: "2024-11-21T03:01:07.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.093", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-03-29 21:59
Modified
2024-11-21 02:28
Severity ?
Summary
Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to "Group join request notifications sent to wrong group leaders."
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "AEC41207-93E4-416F-9670-6AC626CF0700", versionEndIncluding: "1.8.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to \"Group join request notifications sent to wrong group leaders.\"", }, { lang: "es", value: "Vulnerabilidad no especificada en MyBB (también conocido como MyBulletinBoard) anterior a 1.8.4 tiene vectores de ataque desconocidos relacionados con 'notificaciones de solicitudes de unirse a un grupo enviadas al lideres de grupo equivocados.'", }, ], id: "CVE-2015-2786", lastModified: "2024-11-21T02:28:04.360", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-03-29T21:59:03.643", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/73394", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/73394", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "716986AC-5E6D-4DDD-A553-B88981BDE788", versionEndIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2212E819-C064-4963-BCD2-214F09A46902", versionEndIncluding: "1.8.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy.", }, { lang: "es", value: "MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 permiten a atacantes tener un impacto no especificado a través de vectores relacionados con la baja entropía adminsid y sid.", }, ], id: "CVE-2016-9412", lastModified: "2024-11-21T03:01:08.773", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.423", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-15 18:29
Modified
2024-11-21 04:23
Severity ?
Summary
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/ | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/ | Exploit, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "438D60BF-E8A0-41F9-AE8E-B17569ECD586", versionEndExcluding: "1.8.21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.", }, { lang: "es", value: "En MyBB anterior a versión 1.8.21, un atacante puede abusar de un comportamiento por defecto de MySQL en muchos sistemas (lo que conlleva a un truncamiento de cadenas que muy largas para una columna de la base de datos) para crear un shell PHP en el directorio de caché de un foro apuntado por medio de un importación XML creada, como es demostrado mediante el truncamiento de aaaaaaaaaaaaaaaaaaaaaaaa.php.css a aaaaaaaaaaaaaaaaaaaaaaaaaa.php con un límite de 30 caracteres, también se conoce como Ejecución de Código Remota (RCE) del nombre de la hoja de estilo (stylesheet name) theme import", }, ], id: "CVE-2019-12831", lastModified: "2024-11-21T04:23:40.667", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-15T18:29:00.283", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-12-30 21:00
Modified
2024-11-21 01:21
Severity ?
Summary
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.04 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "AA9326ED-4299-46B9-B654-0BC7C5282903", versionEndIncluding: "1.4.11", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*", matchCriteriaId: "4E080342-93CD-4E74-AE60-5858738CE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page.", }, { lang: "es", value: "MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12 no maneja apropiadamente una configuración de un foro visible que contiene hilos ocultos, lo que permite a atacantes remotos obtener información confidencial leyendo el bloque de hilos últimos de la página del portal.", }, ], id: "CVE-2010-4625", lastModified: "2024-11-21T01:21:23.473", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-12-30T21:00:02.517", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { source: "cve@mitre.org", url: "http://community.mybb.com/thread-66255.html", }, { source: "cve@mitre.org", url: "http://dev.mybboard.net/issues/809", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.mybb.com/thread-66255.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://dev.mybboard.net/issues/809", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64517", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-07-27 23:41
Modified
2024-11-21 00:49
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "E3067FB9-BCAA-4B7D-A3FE-8164C32C7440", versionEndIncluding: "1.2.13", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php.", }, { lang: "es", value: "Una vulnerabilidad de tipo cross-site scripting (XSS) en MyBB versiones 1.2.x anteriores a 1.2.14, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados, posiblemente involucrando el archivo search.php.", }, ], id: "CVE-2008-3334", lastModified: "2024-11-21T00:49:00.040", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2008-07-27T23:41:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://community.mybboard.net/thread-33865.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31216", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/30401", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://community.mybboard.net/thread-33865.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31216", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/30401", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44034", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-13 23:55
Modified
2024-11-21 01:22
Severity ?
Summary
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.2.14 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.3 | |
| mybb | mybb | 1.04 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.1 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.4 | |
| mybb | mybb | 1.4.5 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.7 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 | |
| mybb | mybb | 1.4.11 | |
| mybb | mybb | 1.4.12 | |
| mybb | mybb | 1.4.13 | |
| mybb | mybb | 1.4.14 | |
| mybb | mybb | 1.4.15 | |
| mybb | mybb | 1.4.16 | |
| mybb | mybb | 1.5.1 | |
| mybb | mybb | 1.5.2 | |
| mybboard | mybb | 1.4.3 | |
| mybboard | mybb | 1.4.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "D53879AD-6CE7-4A7C-B5C3-EE6C3101D773", versionEndIncluding: "1.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:beta4:*:*:*:*:*:*", matchCriteriaId: "C14F8B95-1A33-4DA8-8DE4-35C7DC3590CF", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr1:*:*:*:*:*:*", matchCriteriaId: "CD7728CD-1FA0-4428-B3FC-883781A699CD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr2:*:*:*:*:*:*", matchCriteriaId: "0883675F-9442-49E7-8471-C205B7EA201D", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "B85E419B-F9D3-4839-A15C-F22BF9DABFAC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "EAB8B860-71DC-4F45-9E2A-74BD1C2ED893", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc3:*:*:*:*:*:*", matchCriteriaId: "C67749DF-F8AF-4C88-A120-0F48307C58E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc4:*:*:*:*:*:*", matchCriteriaId: "FD0820A0-5D85-446F-9B7E-F8DB258A1178", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*", matchCriteriaId: "4E080342-93CD-4E74-AE60-5858738CE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "71FD2842-7E00-440F-8A93-9D3F45A004DB", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.3:pre-1.0:*:*:*:*:*:*", matchCriteriaId: "16C45BFE-A083-4DC8-A2E5-9BCE543F5AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "4C5965DE-D9B6-4074-B14B-ABCAAAAB872B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "853E94FE-A56F-44B0-87FE-DE5927B7A547", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "49C7F758-9E38-4870-85C3-11E350F96641", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "58C9C804-6901-412C-B178-183417BD5C04", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "2021275B-D61A-4309-8876-5354E115CB29", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "7925DEA1-8062-45C9-94E7-19D8FACEAFCD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "D35E537F-0F49-40AB-9E97-7898D91353D1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "BCDC1181-A2B7-4D1B-B2BF-DAC9E58E88C3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "57C37D10-B945-4674-A846-BCEC573FF93C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "4FD245B9-1381-4A1B-AF47-F28349FA6F52", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "2AFD7848-56E4-4608-82E7-CFF46A8809AC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "CC489F94-3545-4E1A-AE9E-B88EB1A7D516", vulnerable: true, }, { criteria: "cpe:2.3:a:mybboard:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "D51785C1-C278-4302-A747-64246BE6F920", vulnerable: true, }, { criteria: "cpe:2.3:a:mybboard:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "24CD2FC7-005C-455E-9D71-719DD571741C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "secalert@redhat.com", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying \"Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.", }, { lang: "es", value: "** EN DISPUTA ** Múltiples vulnerabilidades de inyección SQL en MyBB (también conocido como MyBulletinBoard) antes de v1.6.1 permite a atacantes remotos ejecutar comandos SQL a través del parámetro 'keywords' de una acción (1) do_search a search.php o (2) una acción do_stuff a private.php. NOTA: El vendedor rechaza este problema diciendo que \"...aunque esto no conduce a una inyección de SQL, sí que provoca un error de genérico de MyBB de SQL Server\".\r\n", }, ], id: "CVE-2010-5096", lastModified: "2024-11-21T01:22:29.960", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-13T23:55:00.850", references: [ { source: "secalert@redhat.com", url: "http://dev.mybb.com/issues/1330", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/03/23/4", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/03/25/1", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/05/08/3", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/05/08/7", }, { source: "secalert@redhat.com", url: "http://www.osvdb.org/70013", }, { source: "secalert@redhat.com", url: "http://www.osvdb.org/70014", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/45565", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://dev.mybb.com/issues/1330", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/03/23/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/03/25/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/05/08/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/05/08/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/70013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/70014", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/45565", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "716986AC-5E6D-4DDD-A553-B88981BDE788", versionEndIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2212E819-C064-4963-BCD2-214F09A46902", versionEndIncluding: "1.8.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check.", }, { lang: "es", value: "newreply.php en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 permite a atacantes remotos tener un impacto no especificado al aprovechar una comprobación de permiso perdida.", }, ], id: "CVE-2016-9403", lastModified: "2024-11-21T03:01:07.427", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.063", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-12-30 21:00
Modified
2024-11-21 01:21
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.04 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "AA9326ED-4299-46B9-B654-0BC7C5282903", versionEndIncluding: "1.4.11", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*", matchCriteriaId: "4E080342-93CD-4E74-AE60-5858738CE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.", }, { lang: "es", value: "Vulnerabilidad de de falsificación de petición en sitios cruzados (CSRF) en usercp2.php de MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12. Permite a atacantes remotos secuestrar la autenticación de víctimas sin especificar a través de vectores desconocidos.", }, ], id: "CVE-2010-4627", lastModified: "2024-11-21T01:21:23.747", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2010-12-30T21:00:02.597", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { source: "cve@mitre.org", url: "http://dev.mybboard.net/issues/852", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64515", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://dev.mybboard.net/issues/852", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64515", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-13 20:29
Modified
2024-11-21 03:41
Severity ?
Summary
MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/104187 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104187 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.8.15:*:*:*:*:*:*:*", matchCriteriaId: "1DB4D668-C39B-4581-A493-F43984158649", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target=\"_blank\" rel=\"noopener\"' in A elements, which makes it easier for remote attackers to conduct redirection attacks.", }, { lang: "es", value: "MyBB 1.8.15, cuando se accede a él mediante Microsoft Edge, gestiona de manera incorrecta 'target=\"_blank\" rel=\"noopener\"' en elementos A, lo que facilita que atacantes remotos lleven a cabo ataques de redirección.", }, ], id: "CVE-2018-10678", lastModified: "2024-11-21T03:41:50.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-13T20:29:00.217", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104187", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104187", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94396 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94396 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Patch, Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "FC4E25F3-7C9D-45E3-8330-961A56BC3C48", versionEndIncluding: "1.8.7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "78D16782-41C7-4001-8DD1-C7A09B347733", versionEndIncluding: "1.8.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", matchCriteriaId: "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to \"style import.\"", }, { lang: "es", value: "MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.8 en Windows y MyBB Merge System en versiones anteriores a 1.8.8 en Windows permiten a atacantes remotos sobrescribir archivos CSS arbitrarios a través de vectores relacionados con \"importar estilo\".", }, ], id: "CVE-2016-9415", lastModified: "2024-11-21T03:01:09.220", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.533", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94396", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to "loose comparison false positives."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94396 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94396 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Patch, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "FC4E25F3-7C9D-45E3-8330-961A56BC3C48", versionEndIncluding: "1.8.7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "78D16782-41C7-4001-8DD1-C7A09B347733", versionEndIncluding: "1.8.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to \"loose comparison false positives.\"", }, { lang: "es", value: "MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.8 y MyBB Merge System en versiones anteriores a 1.8.8 permiten a atacantes remotos tener un impacto no especificado a través de vectores relacionados con \"comparación suelta de falsos positivos\".", }, ], id: "CVE-2016-9420", lastModified: "2024-11-21T03:01:09.967", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.720", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94396", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-02-15 01:00
Modified
2024-11-21 00:42
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "584748F9-2F9A-4FC8-8C4B-0C30E54F6FED", versionEndIncluding: "1.2.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php.", }, { lang: "es", value: "Múltiples vulnerabilidades de tipo cross-site request forgery (CSRF) en MyBB versión 1.2.11 y anteriores, permiten a los atacantes remotos (1) secuestrar la autenticación de moderadores o administradores para las peticiones que eliminan hilos (subprocesos) por medio de una acción do_multideletethreads para el archivo moderation.php y (2) secuestran la autenticación de usuarios arbitrarios para peticiones que eliminan mensajes privados (PM) por medio de una acción delete en private.php.", }, ], id: "CVE-2008-0788", lastModified: "2024-11-21T00:42:54.773", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2008-02-15T01:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://community.mybboard.net/showthread.php?tid=27675", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/28572/", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/3656", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/archive/1/486663", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2008/0238", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://community.mybboard.net/showthread.php?tid=27675", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/28572/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/3656", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/archive/1/486663", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2008/0238", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94396 | ||
| cve@mitre.org | https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94396 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "78D16782-41C7-4001-8DD1-C7A09B347733", versionEndIncluding: "1.8.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de XSS en el panel de control de Admin en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.8 y MyBB Merge System en versiones anteriores a 1.8.8 permite a los atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2016-9419", lastModified: "2024-11-21T03:01:09.817", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.673", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/94396", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/94396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-04-11 10:19
Modified
2024-11-21 00:29
Severity ?
Summary
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | 1.2.5 | |
| mybulletinboard | mybulletinboard | 1.2.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "B6FD3E97-2E37-4FE3-83A7-13E489BDFF0C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.", }, { lang: "es", value: "member.php en MyBB (también conocido como MyBulletinBoard), cuando el modo de depuración está disponible, permite a atacantes remotos autenticados cambiar la contraseña de cualquier cuenta dando la dirección de correo electrónico de cuentas registradas en una petición de depuración para la acción do_lostpw, lo cual imprime el código de verificación de cambio de la contraseña en la salida de depuración.", }, ], id: "CVE-2007-1964", lastModified: "2024-11-21T00:29:34.243", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-04-11T10:19:00.000", references: [ { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/2544", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/464267/100/100/threaded", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/2544", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/464267/100/100/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-07-08 18:41
Modified
2024-11-21 00:48
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "53C7DC96-E461-4181-9555-5DFA116A96DF", versionEndIncluding: "1.2.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.", }, { lang: "es", value: "Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MyBB anterior a 1.2.13, permite a atacantes remotos inyectar secuencias de comandos Web o HTML mediante parámetros no especificados en (1) portal.php y (2) inc/functions_post.php.", }, ], id: "CVE-2008-3069", lastModified: "2024-11-21T00:48:21.007", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2008-07-08T18:41:00.000", references: [ { source: "cve@mitre.org", url: "http://community.mybboard.net/attachment.php?aid=9272", }, { source: "cve@mitre.org", url: "http://community.mybboard.net/showthread.php?tid=31666", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.mybboard.net/attachment.php?aid=9272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.mybboard.net/showthread.php?tid=31666", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31013", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-07-08 18:41
Modified
2024-11-21 00:48
Severity ?
Summary
Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "53C7DC96-E461-4181-9555-5DFA116A96DF", versionEndIncluding: "1.2.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection.", }, { lang: "es", value: "Vulnerabilidad sin especificar en inc/datahandler/user.php en MyBB anterior a 1.2.13, tiene un impacto y vectores de ataque desconocidos en relación con la variable $user['language'], probablemente relacionado con la inyección SQL.", }, ], id: "CVE-2008-3070", lastModified: "2024-11-21T00:48:21.133", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-07-08T18:41:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://community.mybboard.net/attachment.php?aid=9272", }, { source: "cve@mitre.org", url: "http://community.mybboard.net/showthread.php?tid=31666", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://community.mybboard.net/attachment.php?aid=9272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.mybboard.net/showthread.php?tid=31666", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31013", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Third Party Advisory, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "716986AC-5E6D-4DDD-A553-B88981BDE788", versionEndIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2212E819-C064-4963-BCD2-214F09A46902", versionEndIncluding: "1.8.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors.", }, { lang: "es", value: "El panel de control Admin en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 permite a los atacantes remotos realizar ataques de secuestro de clic a través de vectores no especificados.", }, ], id: "CVE-2016-9413", lastModified: "2024-11-21T03:01:08.927", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.453", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-06 18:16
Modified
2024-11-21 07:17
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
MyBB is a free and open source forum software. The _Mail Settings_ → Additional Parameters for PHP's mail() function mail_parameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requires Admin CP access with the `_Can manage settings?_` permission and may depend on configured file permissions. MyBB 1.8.31 resolves this issue with the commit `0cd318136a`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "7C214187-7786-44BE-AD2F-5DF1B4C481EA", versionEndExcluding: "1.8.31", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB is a free and open source forum software. The _Mail Settings_ → Additional Parameters for PHP's mail() function mail_parameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requires Admin CP access with the `_Can manage settings?_` permission and may depend on configured file permissions. MyBB 1.8.31 resolves this issue with the commit `0cd318136a`. Users are advised to upgrade. There are no known workarounds for this vulnerability.", }, { lang: "es", value: "MyBB es un software de foros gratuito y de código abierto. El valor de la configuración de _Mail_ ? Additional Parameters for PHP's mail() function mail_parameters setting value, en relación con las opciones y el comportamiento del programa de correo configurado, puede permitir el acceso a información sensible y la ejecución remota de código (RCE). El módulo vulnerable requiere acceso al CP de administrador con el permiso `_Can manage settings?_` y puede depender de los permisos de los archivos configurados. MyBB 1.8.31 resuelve este problema con el commit `0cd318136a`. Se recomienda a los usuarios que actualicen. No hay soluciones conocidas para esta vulnerabilidad", }, ], id: "CVE-2022-39265", lastModified: "2024-11-21T07:17:54.837", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-06T18:16:12.163", references: [ { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/blob/mybb_1830/install/resources/settings.xml#L2331-L2338", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/commit/0cd318136a10b029bb5c8a8f6dddf39d87519797", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-hxhm-rq9f-7xj7", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://mybb.com/versions/1.8.31/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/blob/mybb_1830/install/resources/settings.xml#L2331-L2338", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/commit/0cd318136a10b029bb5c8a8f6dddf39d87519797", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-hxhm-rq9f-7xj7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://mybb.com/versions/1.8.31/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-11-17 21:55
Modified
2024-11-21 01:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.6.6:*:*:*:*:*:*:*", matchCriteriaId: "E1A3FDDB-9488-405B-A2A0-500CF49061BE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php.", }, { lang: "es", value: "Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en admin/modules/user/users.php en MyBB (alias MyBulletinBoard) v1.6.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro conditions[usergroup][] en una acción de búsqueda a admin/index.php.", }, ], id: "CVE-2012-5908", lastModified: "2024-11-21T01:45:29.700", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-11-17T21:55:05.487", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/80633", }, { source: "cve@mitre.org", url: "http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/52743", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74397", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/80633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/52743", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74397", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-09-11 01:13
Modified
2024-11-21 00:50
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "BE928783-BD14-4BCD-BC6E-13E406431705", versionEndIncluding: "1.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*", matchCriteriaId: "4E080342-93CD-4E74-AE60-5858738CE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php.", }, { lang: "es", value: "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en MyBB (alias MyBulletinBoard) en versiones anteriores a 1.4.1 que permite a los atacantes remotos inyectar una secuencia arbitraria de comandos web o HTML a través de (1) un cierto campo origen en in usercp2.php, (2) un cierto campo origen en inc/functions_online.php, y ciertos campos (3) tsubject y (4) psubject en moderation.php", }, ], evaluatorSolution: "Patch information - http://community.mybboard.net/showthread.php?tid=36022\r\n", id: "CVE-2008-3966", lastModified: "2024-11-21T00:50:35.757", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2008-09-11T01:13:47.680", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://community.mybboard.net/attachment.php?aid=10579", }, { source: "cve@mitre.org", url: "http://community.mybboard.net/showthread.php?tid=36022", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31760", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/09/09/1", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/09/09/9", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/31104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://community.mybboard.net/attachment.php?aid=10579", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.mybboard.net/showthread.php?tid=36022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31760", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/09/09/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/09/09/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/31104", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-30 22:55
Modified
2024-11-21 01:33
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.2 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.2.14 | |
| mybb | mybb | 1.3 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.1 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.4 | |
| mybb | mybb | 1.4.5 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.7 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 | |
| mybb | mybb | 1.4.11 | |
| mybb | mybb | 1.4.12 | |
| mybb | mybb | 1.4.13 | |
| mybb | mybb | 1.4.14 | |
| mybb | mybb | 1.4.15 | |
| mybb | mybb | 1.4.16 | |
| mybb | mybb | 1.5.1 | |
| mybb | mybb | 1.5.2 | |
| mybb | mybb | 1.6.0 | |
| mybb | mybb | 1.6.1 | |
| mybb | mybb | 1.6.2 | |
| mybb | mybb | 1.6.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "6EF48E06-2401-400C-B4DB-F26505D0638C", versionEndIncluding: "1.6.4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*", matchCriteriaId: "4E080342-93CD-4E74-AE60-5858738CE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "71FD2842-7E00-440F-8A93-9D3F45A004DB", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.3:pre-1.0:*:*:*:*:*:*", matchCriteriaId: "16C45BFE-A083-4DC8-A2E5-9BCE543F5AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "4C5965DE-D9B6-4074-B14B-ABCAAAAB872B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "853E94FE-A56F-44B0-87FE-DE5927B7A547", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "49C7F758-9E38-4870-85C3-11E350F96641", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "58C9C804-6901-412C-B178-183417BD5C04", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "2021275B-D61A-4309-8876-5354E115CB29", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "7925DEA1-8062-45C9-94E7-19D8FACEAFCD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "D35E537F-0F49-40AB-9E97-7898D91353D1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "BCDC1181-A2B7-4D1B-B2BF-DAC9E58E88C3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "57C37D10-B945-4674-A846-BCEC573FF93C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "4FD245B9-1381-4A1B-AF47-F28349FA6F52", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "2AFD7848-56E4-4608-82E7-CFF46A8809AC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "CC489F94-3545-4E1A-AE9E-B88EB1A7D516", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B50C36-C3D7-48FD-805B-4A94E727C93F", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FBEB75D4-FAA4-4A5B-AA0A-57EE8EE88E61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "00E51ABC-9F77-4028-BE47-D5BFD4FEC749", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "E0BD20D9-0DFC-451F-9C71-38C6D0236CF2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"usernames via AJAX.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en MyBB anterior a v1.6.5 permite a atacantes remotos inyectar código web o HTML arbitrario a través de vectores relacionados con nombres de usuarios a través de AJAX.", }, ], id: "CVE-2011-5132", lastModified: "2024-11-21T01:33:42.967", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-08-30T22:55:04.187", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46951", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/77326", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/50816", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46951", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/77326", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/50816", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71461", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-12-03 21:59
Modified
2024-11-21 02:20
Severity ?
Summary
SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "E697D13C-5594-491B-B911-3B4BEA00AFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "00724054-858F-4322-8BE5-F6929CC2CAD8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en member.php en MyBB (también conocido como MyBulletinBoard) 1.8.x anterior a 1.8.2 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro question_id en una acción do_register.", }, ], id: "CVE-2014-9240", lastModified: "2024-11-21T02:20:27.793", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-12-03T21:59:10.400", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2006-01-16 21:03
Modified
2024-11-21 00:05
Severity ?
Summary
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://community.mybboard.net/showthread.php?tid=5852 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://community.mybboard.net/showthread.php?tid=5852 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "D04CCBA4-FD62-41BA-838C-A307BA792E8F", versionEndIncluding: "1.01", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:beta4:*:*:*:*:*:*", matchCriteriaId: "C14F8B95-1A33-4DA8-8DE4-35C7DC3590CF", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr1:*:*:*:*:*:*", matchCriteriaId: "CD7728CD-1FA0-4428-B3FC-883781A699CD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr2:*:*:*:*:*:*", matchCriteriaId: "0883675F-9442-49E7-8471-C205B7EA201D", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "B85E419B-F9D3-4839-A15C-F22BF9DABFAC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "EAB8B860-71DC-4F45-9E2A-74BD1C2ED893", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc3:*:*:*:*:*:*", matchCriteriaId: "C67749DF-F8AF-4C88-A120-0F48307C58E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc4:*:*:*:*:*:*", matchCriteriaId: "FD0820A0-5D85-446F-9B7E-F8DB258A1178", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603.", }, ], id: "CVE-2006-0218", lastModified: "2024-11-21T00:05:56.930", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2006-01-16T21:03:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://community.mybboard.net/showthread.php?tid=5852", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://community.mybboard.net/showthread.php?tid=5852", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-22 19:15
Modified
2024-11-21 07:55
Severity ?
Summary
In MyBB before 1.8.34, there is XSS in the User CP module via the user email field.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mybb/mybb/security/advisories/GHSA-3q8x-9fh2-v646 | Patch, Release Notes, Third Party Advisory | |
| cve@mitre.org | https://mybb.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/GHSA-3q8x-9fh2-v646 | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mybb.com | Product |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "D7F6C2C7-3E6F-4861-B774-EAA1912EDA23", versionEndExcluding: "1.8.34", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In MyBB before 1.8.34, there is XSS in the User CP module via the user email field.", }, ], id: "CVE-2023-28467", lastModified: "2024-11-21T07:55:08.857", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-05-22T19:15:10.017", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-3q8x-9fh2-v646", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://mybb.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-3q8x-9fh2-v646", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://mybb.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-04-24 20:19
Modified
2024-11-21 00:30
Severity ?
Summary
Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", }, { lang: "es", value: "Múltiples vulnerabilidades de inyección SQL en calendar.php en MyBB (también conocido como MyBulletinBoard) 1.2.5 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro (1) year o (2) month. NOTA: la procedencia de esta información es desconocida; los detalles han sido obtenidos a partir de la información de terceros. \r\n", }, ], id: "CVE-2007-2212", lastModified: "2024-11-21T00:30:12.517", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-04-24T20:19:00.000", references: [ { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 02:39
Severity ?
Summary
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94397 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94397 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "22907EC0-5A2D-4DCF-B887-8FA311B3D4E2", versionEndIncluding: "1.8.5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2FF6F484-A280-45A6-BB5E-B923339B7109", versionEndIncluding: "1.6.17", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "E697D13C-5594-491B-B911-3B4BEA00AFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "00724054-858F-4322-8BE5-F6929CC2CAD8", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "95998F68-1F16-4FEA-BDE3-957235D04881", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "927F9547-773B-4F2C-8870-AA3672EEC7CA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "6817FA9E-51B7-4ADE-86E2-E9F559A585EC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "667EFFF1-E5C1-4124-BD0B-D4244FAECE15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en el módulo Group Promotions en el panel de control de administrador en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.6.18 y 1.8.x en versiones anteriores a 1.8.6 y MyBB Merge System en versiones anteriores a 1.8.6 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2015-8974", lastModified: "2024-11-21T02:39:34.977", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:00.187", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94397", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94397", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-12-30 21:00
Modified
2024-11-21 01:21
Severity ?
Summary
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.04 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "AA9326ED-4299-46B9-B654-0BC7C5282903", versionEndIncluding: "1.4.11", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*", matchCriteriaId: "4E080342-93CD-4E74-AE60-5858738CE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php.", }, { lang: "es", value: "MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12 no restringe apropiadamente los valores uid para peticiones de unión de grupo; lo que permite, a atacantes remotos, provocar una denegación de servicio (consumo de todos los recursos) usando un acceso de invitado para enviar formularios de peticiones de unión para grupos moderados. Vulnerabilidad relacionada con usercp.php y managegroup.php.", }, ], id: "CVE-2010-4629", lastModified: "2024-11-21T01:21:24.027", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-12-30T21:00:02.690", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { source: "cve@mitre.org", url: "http://dev.mybboard.net/issues/722", }, { source: "cve@mitre.org", url: "http://dev.mybboard.net/projects/mybb/repository/revisions/4856", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64513", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://dev.mybboard.net/issues/722", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://dev.mybboard.net/projects/mybb/repository/revisions/4856", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64513", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-09-23 23:55
Modified
2024-11-21 01:31
Severity ?
Summary
MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and certain other files.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B50C36-C3D7-48FD-805B-4A94E727C93F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and certain other files.", }, { lang: "es", value: "MyBB (también conocido como MyBulletinBoard) v1.6 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con inc/3rdparty/diff/Diff/ThreeWay.php y algunos otros archivos.", }, ], id: "CVE-2011-3759", lastModified: "2024-11-21T01:31:11.813", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-09-23T23:55:04.287", references: [ { source: "cve@mitre.org", url: "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mybb-1.6", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2011/06/27/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mybb-1.6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2011/06/27/6", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-12-13 11:03
Modified
2024-11-21 00:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:pr2:*:*:*:*:*:*", matchCriteriaId: "FCA236E2-038D-443E-BF77-2BF21B11BAE6", versionEndIncluding: "1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:beta4:*:*:*:*:*:*", matchCriteriaId: "C14F8B95-1A33-4DA8-8DE4-35C7DC3590CF", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr1:*:*:*:*:*:*", matchCriteriaId: "CD7728CD-1FA0-4428-B3FC-883781A699CD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "B85E419B-F9D3-4839-A15C-F22BF9DABFAC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "EAB8B860-71DC-4F45-9E2A-74BD1C2ED893", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc3:*:*:*:*:*:*", matchCriteriaId: "C67749DF-F8AF-4C88-A120-0F48307C58E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc4:*:*:*:*:*:*", matchCriteriaId: "FD0820A0-5D85-446F-9B7E-F8DB258A1178", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.", }, ], id: "CVE-2005-4199", lastModified: "2024-11-21T00:03:40.150", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-12-13T11:03:00.000", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html", }, { source: "cve@mitre.org", url: "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/18000", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/246", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/294", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1015407", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/22156", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/22157", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/22158", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/419067/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/420159/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/15793", }, { source: "cve@mitre.org", url: "http://www.trapkit.de/advisories/TKADV2005-12-001.txt", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.trapkit.de/advisories/TKPN2005-12-001.txt", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2005/2842", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/18000", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/294", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1015407", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/22156", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/22157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/22158", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/419067/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/420159/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/15793", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trapkit.de/advisories/TKADV2005-12-001.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.trapkit.de/advisories/TKPN2005-12-001.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2005/2842", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-09 22:15
Modified
2024-11-21 06:50
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "362CD6E4-2CC7-42AF-AAAA-5C3A6D47929E", versionEndExcluding: "1.8.30", versionStartIncluding: "1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.", }, { lang: "es", value: "MyBB es un software de foros gratuito y de código abierto. En las versiones afectadas, el módulo de gestión de configuraciones del CP de administración no valida correctamente los tipos de configuraciones en la inserción y actualización, lo que hace posible añadir configuraciones de tipo soportado `php` con código PHP, ejecutado en las páginas de _Cambio de Configuraciones_. Esto resulta en una vulnerabilidad de Ejecución Remota de Código (RCE). El módulo vulnerable requiere el acceso al CP de administrador con el permiso `Can manage settings?`. El módulo de configuración de MyBB, que permite a los administradores añadir, editar y eliminar configuraciones no predeterminadas, almacena los datos de configuración en una cadena de código de opciones ($options_code; columna de la base de datos mybb_settings.optionscode) que identifica el tipo de configuración y sus opciones, separadas por un carácter de nueva línea (\\n). En MyBB 1.2.0, se añadió soporte para el tipo de configuración php, para el cual la parte restante del código de opciones es código PHP ejecutado en las páginas de cambio de configuración (reservado para plugins y uso interno). MyBB 1.8.30 resuelve este problema. No se presentan medidas de mitigación conocidas", }, ], id: "CVE-2022-24734", lastModified: "2024-11-21T06:50:58.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-09T22:15:09.363", references: [ { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167082/MyBB-1.8.29-Remote-Code-Execution.html", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "http://packetstormsecurity.com/files/167333/MyBB-Admin-Control-Remote-Code-Execution.html", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/commit/92012b9831b330714b9f9b4646a98784113489c1", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://mybb.com/versions/1.8.30/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-503/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167082/MyBB-1.8.29-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://packetstormsecurity.com/files/167333/MyBB-Admin-Control-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/commit/92012b9831b330714b9f9b4646a98784113489c1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://mybb.com/versions/1.8.30/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-503/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94396 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94396 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Patch, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "FC4E25F3-7C9D-45E3-8330-961A56BC3C48", versionEndIncluding: "1.8.7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "78D16782-41C7-4001-8DD1-C7A09B347733", versionEndIncluding: "1.8.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.", }, { lang: "es", value: "La función fetch_remote_file en MyBB (también conocida como MyBulletinBoard) en versiones anteriores a 1.8.8 y MyBB Merge System en versiones anteriores a 1.8.8 permite a atacantes remotos llevar a cabo ataques de falsificación de solicitud del lado del servidor (SSRF) a través de vectores no especificados.", }, ], id: "CVE-2016-9417", lastModified: "2024-11-21T03:01:09.497", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.610", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94396", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "716986AC-5E6D-4DDD-A553-B88981BDE788", versionEndIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2212E819-C064-4963-BCD2-214F09A46902", versionEndIncluding: "1.8.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de XSS en la validación de miembros en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 podrían permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2016-9405", lastModified: "2024-11-21T03:01:07.707", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.140", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-22 20:15
Modified
2024-11-21 05:57
Severity ?
Summary
MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mybb/mybb/commit/cb781b49116bf5c4d8deca3e17498122b701677a | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/mybb/mybb/security/advisories/GHSA-6483-hcpp-p75w | Exploit, Third Party Advisory | |
| cve@mitre.org | https://mybb.com/versions/1.8.25/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/commit/cb781b49116bf5c4d8deca3e17498122b701677a | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/GHSA-6483-hcpp-p75w | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mybb.com/versions/1.8.25/ | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "F8B31EA3-CFEA-43B3-8348-397BED3FD568", versionEndExcluding: "1.8.25", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).", }, { lang: "es", value: "MyBB versiones anteriores a 1.8.25, permite un ataque de tipo XSS almacenado por medio de etiquetas [correo electrónico] anidadas con MyCode (también se conoce como BBCode)", }, ], id: "CVE-2021-27279", lastModified: "2024-11-21T05:57:45.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-22T20:15:13.243", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/commit/cb781b49116bf5c4d8deca3e17498122b701677a", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-6483-hcpp-p75w", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://mybb.com/versions/1.8.25/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/commit/cb781b49116bf5c4d8deca3e17498122b701677a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-6483-hcpp-p75w", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://mybb.com/versions/1.8.25/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-06 19:29
Modified
2024-11-21 04:42
Severity ?
Summary
MyBB 1.8.19 has XSS in the resetpassword function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.mybb.com/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/ | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.18.19:*:*:*:*:*:*:*", matchCriteriaId: "8D3CF894-368E-4806-AD48-6226EFF4DA92", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB 1.8.19 has XSS in the resetpassword function.", }, { lang: "es", value: "MyBB 1.8.19 tiene el XSSS en la función de restablecimiento de contraseña", }, ], id: "CVE-2019-3578", lastModified: "2024-11-21T04:42:12.293", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-06T19:29:00.597", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-11-04 21:00
Modified
2025-01-17 16:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.", }, { lang: "es", value: "MyBB (también conocido como MyBulletinBoard) v1.4.2 no emplea suficiente aleatoriedad para componer los nombres de los ficheros que se hayan subido como adjuntos; esto facilita a los atacantes remotos leer estos ficheros deduciendo su nombre.", }, ], id: "CVE-2008-4929", lastModified: "2025-01-17T16:15:27.347", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2008-11-04T21:00:05.957", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", ], url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2008/11/01/2", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/31936", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.vupen.com/english/advisories/2008/2967", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", ], url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2008/11/01/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/31936", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.vupen.com/english/advisories/2008/2967", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-330", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-13 18:55
Modified
2024-11-21 01:38
Severity ?
Summary
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.2.14 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.3 | |
| mybb | mybb | 1.04 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.1 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.4 | |
| mybb | mybb | 1.4.5 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.7 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 | |
| mybb | mybb | 1.4.11 | |
| mybb | mybb | 1.4.12 | |
| mybb | mybb | 1.4.13 | |
| mybb | mybb | 1.4.14 | |
| mybb | mybb | 1.4.15 | |
| mybb | mybb | 1.4.16 | |
| mybb | mybb | 1.5.1 | |
| mybb | mybb | 1.5.2 | |
| mybb | mybb | 1.6.1 | |
| mybb | mybb | 1.6.2 | |
| mybb | mybb | 1.6.3 | |
| mybb | mybb | 1.6.4 | |
| mybb | mybb | 1.6.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "ACDC3261-4AA6-48DD-AF97-EF346DBC3FDD", versionEndIncluding: "1.6.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:beta4:*:*:*:*:*:*", matchCriteriaId: "C14F8B95-1A33-4DA8-8DE4-35C7DC3590CF", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr1:*:*:*:*:*:*", matchCriteriaId: "CD7728CD-1FA0-4428-B3FC-883781A699CD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr2:*:*:*:*:*:*", matchCriteriaId: "0883675F-9442-49E7-8471-C205B7EA201D", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "B85E419B-F9D3-4839-A15C-F22BF9DABFAC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "EAB8B860-71DC-4F45-9E2A-74BD1C2ED893", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc3:*:*:*:*:*:*", matchCriteriaId: "C67749DF-F8AF-4C88-A120-0F48307C58E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc4:*:*:*:*:*:*", matchCriteriaId: "FD0820A0-5D85-446F-9B7E-F8DB258A1178", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "71FD2842-7E00-440F-8A93-9D3F45A004DB", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.3:pre-1.0:*:*:*:*:*:*", matchCriteriaId: "16C45BFE-A083-4DC8-A2E5-9BCE543F5AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "4C5965DE-D9B6-4074-B14B-ABCAAAAB872B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "853E94FE-A56F-44B0-87FE-DE5927B7A547", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "49C7F758-9E38-4870-85C3-11E350F96641", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "58C9C804-6901-412C-B178-183417BD5C04", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "2021275B-D61A-4309-8876-5354E115CB29", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "7925DEA1-8062-45C9-94E7-19D8FACEAFCD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "D35E537F-0F49-40AB-9E97-7898D91353D1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "BCDC1181-A2B7-4D1B-B2BF-DAC9E58E88C3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "57C37D10-B945-4674-A846-BCEC573FF93C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "4FD245B9-1381-4A1B-AF47-F28349FA6F52", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "2AFD7848-56E4-4608-82E7-CFF46A8809AC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "CC489F94-3545-4E1A-AE9E-B88EB1A7D516", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FBEB75D4-FAA4-4A5B-AA0A-57EE8EE88E61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "00E51ABC-9F77-4028-BE47-D5BFD4FEC749", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "E0BD20D9-0DFC-451F-9C71-38C6D0236CF2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.4:*:*:*:*:*:*:*", matchCriteriaId: "FDFE35CB-05CC-4E6F-B188-1141773E7F10", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.5:*:*:*:*:*:*:*", matchCriteriaId: "22A90F66-DAE9-45FC-B255-390D569CCC56", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP).", }, { lang: "es", value: "Múltiples vulnerabilidades de inyección SQL en MyBB (alias MyBulletinBoard) antes de v1.6.7 permiten a los administradores remotos ejecutar comandos SQL a través de vectores no especificados en (1) la búsqueda de usuarios o (2) el registro de correo en el Panel de Control de Administración (ACP).\r\n", }, ], id: "CVE-2012-2324", lastModified: "2024-11-21T01:38:53.527", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-13T18:55:01.037", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/53417", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/53417", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-04 18:15
Modified
2024-11-21 06:28
Severity ?
Summary
MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type "php" with PHP code, executed on Change Settings pages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mybb/mybb/security/advisories/GHSA-8gxx-vmr9-h39p | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/GHSA-8gxx-vmr9-h39p | Patch, Release Notes, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "F65391CA-449D-44EE-8A72-C9906C5A4A6F", versionEndExcluding: "1.8.29", versionStartIncluding: "1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB before 1.8.29 allows Remote Code Injection by an admin with the \"Can manage settings?\" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type \"php\" with PHP code, executed on Change Settings pages.", }, { lang: "es", value: "MyBB versiones anteriores a 1.8.29, permite una Inyección de Código Remota por parte de un administrador con el permiso \"Can manage settings?\". El módulo de administración de configuraciones del CP del Administrador no comprueba correctamente los tipos de configuraciones al insertarlas y actualizarlas, haciendo posible añadir configuraciones del tipo \"php\" con código PHP, ejecutado en las páginas de cambio de configuraciones", }, ], id: "CVE-2021-43281", lastModified: "2024-11-21T06:28:59.587", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-04T18:15:08.797", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-8gxx-vmr9-h39p", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-8gxx-vmr9-h39p", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-13 18:55
Modified
2024-11-21 01:38
Severity ?
Summary
MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.2.14 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.3 | |
| mybb | mybb | 1.04 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.1 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.4 | |
| mybb | mybb | 1.4.5 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.7 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 | |
| mybb | mybb | 1.4.11 | |
| mybb | mybb | 1.4.12 | |
| mybb | mybb | 1.4.13 | |
| mybb | mybb | 1.4.14 | |
| mybb | mybb | 1.4.15 | |
| mybb | mybb | 1.4.16 | |
| mybb | mybb | 1.5.1 | |
| mybb | mybb | 1.5.2 | |
| mybb | mybb | 1.6.1 | |
| mybb | mybb | 1.6.2 | |
| mybb | mybb | 1.6.3 | |
| mybb | mybb | 1.6.4 | |
| mybb | mybb | 1.6.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "ACDC3261-4AA6-48DD-AF97-EF346DBC3FDD", versionEndIncluding: "1.6.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:beta4:*:*:*:*:*:*", matchCriteriaId: "C14F8B95-1A33-4DA8-8DE4-35C7DC3590CF", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr1:*:*:*:*:*:*", matchCriteriaId: "CD7728CD-1FA0-4428-B3FC-883781A699CD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr2:*:*:*:*:*:*", matchCriteriaId: "0883675F-9442-49E7-8471-C205B7EA201D", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "B85E419B-F9D3-4839-A15C-F22BF9DABFAC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "EAB8B860-71DC-4F45-9E2A-74BD1C2ED893", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc3:*:*:*:*:*:*", matchCriteriaId: "C67749DF-F8AF-4C88-A120-0F48307C58E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc4:*:*:*:*:*:*", matchCriteriaId: "FD0820A0-5D85-446F-9B7E-F8DB258A1178", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "71FD2842-7E00-440F-8A93-9D3F45A004DB", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.3:pre-1.0:*:*:*:*:*:*", matchCriteriaId: "16C45BFE-A083-4DC8-A2E5-9BCE543F5AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "4C5965DE-D9B6-4074-B14B-ABCAAAAB872B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "853E94FE-A56F-44B0-87FE-DE5927B7A547", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "49C7F758-9E38-4870-85C3-11E350F96641", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "58C9C804-6901-412C-B178-183417BD5C04", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "2021275B-D61A-4309-8876-5354E115CB29", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "7925DEA1-8062-45C9-94E7-19D8FACEAFCD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "D35E537F-0F49-40AB-9E97-7898D91353D1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "BCDC1181-A2B7-4D1B-B2BF-DAC9E58E88C3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "57C37D10-B945-4674-A846-BCEC573FF93C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "4FD245B9-1381-4A1B-AF47-F28349FA6F52", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "2AFD7848-56E4-4608-82E7-CFF46A8809AC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "CC489F94-3545-4E1A-AE9E-B88EB1A7D516", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FBEB75D4-FAA4-4A5B-AA0A-57EE8EE88E61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "00E51ABC-9F77-4028-BE47-D5BFD4FEC749", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "E0BD20D9-0DFC-451F-9C71-38C6D0236CF2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.4:*:*:*:*:*:*:*", matchCriteriaId: "FDFE35CB-05CC-4E6F-B188-1141773E7F10", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.5:*:*:*:*:*:*:*", matchCriteriaId: "22A90F66-DAE9-45FC-B255-390D569CCC56", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message.", }, { lang: "es", value: "MyBB (también conocido como MyBulletinBoard) antes de v1.6.7 permite a atacantes remotos obtener información sensible a través de una cookie forumread incorrecta, lo cual revela la ruta de instalación en un mensaje de error.\r\n", }, ], id: "CVE-2012-2327", lastModified: "2024-11-21T01:38:53.883", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-13T18:55:03.630", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/53417", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/53417", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-09-11 01:13
Modified
2024-11-21 00:50
Severity ?
Summary
moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "BE928783-BD14-4BCD-BC6E-13E406431705", versionEndIncluding: "1.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*", matchCriteriaId: "4E080342-93CD-4E74-AE60-5858738CE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors.", }, { lang: "es", value: "moderation.php en MyBB (también conocido como MyBulletinBoard) versiones anteriores a 1.4.1 no comprueba adecuadamente los privilegios del moderados, lo cual tiene un impacto y vectores de ataque desconocidos.", }, ], evaluatorSolution: "Patch information - http://community.mybboard.net/showthread.php?tid=36022\r\n", id: "CVE-2008-3967", lastModified: "2024-11-21T00:50:35.913", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-09-11T01:13:47.710", references: [ { source: "cve@mitre.org", url: "http://community.mybboard.net/attachment.php?aid=10579", }, { source: "cve@mitre.org", url: "http://community.mybboard.net/showthread.php?tid=36022", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31760", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/09/09/1", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/09/09/9", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/31104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.mybboard.net/attachment.php?aid=10579", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.mybboard.net/showthread.php?tid=36022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31760", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/09/09/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/09/09/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/31104", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "716986AC-5E6D-4DDD-A553-B88981BDE788", versionEndIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2212E819-C064-4963-BCD2-214F09A46902", versionEndIncluding: "1.8.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en la herramienta de moderación en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 podrían permitir a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2016-9402", lastModified: "2024-11-21T03:01:07.280", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.017", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-02 15:15
Modified
2024-11-21 04:38
Severity ?
Summary
MyBB before 1.8.22 allows an open redirect on login.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://mybb.com/versions/1.8.22/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mybb.com/versions/1.8.22/ | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "7B03E0B1-4D3E-48F1-BE5B-BCF4A338CC34", versionEndExcluding: "1.8.22", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB before 1.8.22 allows an open redirect on login.", }, { lang: "es", value: "MyBB versiones anteriores a la versión 1.8.22, permite un redireccionamiento abierto sobre el inicio de sesión.", }, ], id: "CVE-2019-20225", lastModified: "2024-11-21T04:38:14.847", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-02T15:15:12.583", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://mybb.com/versions/1.8.22/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://mybb.com/versions/1.8.22/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-15 18:15
Modified
2024-11-21 05:58
Severity ?
Summary
SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mybb/mybb/security/advisories/GHSA-jjx8-8mcp-7h65 | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/GHSA-jjx8-8mcp-7h65 | Patch, Release Notes, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "E92578FF-AAA5-4F8F-8D78-0662DB9BB02C", versionEndExcluding: "1.8.26", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en MyBB versiones anteriores a 1.8.26, por medio de la funcionalidad Copy Forum en Forum Management. (número 2 de 3)", }, ], id: "CVE-2021-27947", lastModified: "2024-11-21T05:58:53.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-15T18:15:18.830", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-jjx8-8mcp-7h65", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-jjx8-8mcp-7h65", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database information via vectors involving templates.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Third Party Advisory, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "716986AC-5E6D-4DDD-A553-B88981BDE788", versionEndIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2212E819-C064-4963-BCD2-214F09A46902", versionEndIncluding: "1.8.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database information via vectors involving templates.", }, { lang: "es", value: "MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 pueden permitir a atacantes remotos obtener información sensible de la base de datos a través de vectores relacionados con plantillas.", }, ], id: "CVE-2016-9410", lastModified: "2024-11-21T03:01:08.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.347", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94396 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94396 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Patch, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "FC4E25F3-7C9D-45E3-8330-961A56BC3C48", versionEndIncluding: "1.8.7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "78D16782-41C7-4001-8DD1-C7A09B347733", versionEndIncluding: "1.8.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en el manejador de datos de usuarios en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.8 y MyBB Merge System en versiones anteriores a 1.8.8 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2016-9416", lastModified: "2024-11-21T03:01:09.363", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.580", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94396", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-12-30 21:00
Modified
2024-11-21 01:21
Severity ?
Summary
MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.04 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "AA9326ED-4299-46B9-B654-0BC7C5282903", versionEndIncluding: "1.4.11", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*", matchCriteriaId: "4E080342-93CD-4E74-AE60-5858738CE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.", }, { lang: "es", value: "MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12 permite a usuarios autenticados remotos evitar las restricciones previstas en el número de [img] MyCodes editando un post después de que haya sido creado.", }, ], id: "CVE-2010-4624", lastModified: "2024-11-21T01:21:23.340", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-12-30T21:00:02.410", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { source: "cve@mitre.org", url: "http://dev.mybboard.net/issues/728", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64518", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://dev.mybboard.net/issues/728", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64518", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-12-03 21:59
Modified
2024-11-21 02:20
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "E697D13C-5594-491B-B911-3B4BEA00AFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "00724054-858F-4322-8BE5-F6929CC2CAD8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.", }, { lang: "es", value: "Múltiples vulnerabilidades de XSS en MyBB (también conocido como MyBulletinBoard) 1.8.x anterior a 1.8.2 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del (1) parámetro type en report.php, (2) parámetro signature en una acción do_editsig en usercp.php, o (3) parámetro title en el módulo style-templates en una acción edit_template o (4) parámetro file en el módulo config-languages en una acción edit en admin/index.php.", }, ], id: "CVE-2014-9241", lastModified: "2024-11-21T02:20:27.937", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2014-12-03T21:59:11.587", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-13 18:55
Modified
2024-11-21 01:38
Severity ?
Summary
SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.2.14 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.3 | |
| mybb | mybb | 1.04 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.1 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.4 | |
| mybb | mybb | 1.4.5 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.7 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 | |
| mybb | mybb | 1.4.11 | |
| mybb | mybb | 1.4.12 | |
| mybb | mybb | 1.4.13 | |
| mybb | mybb | 1.4.14 | |
| mybb | mybb | 1.4.15 | |
| mybb | mybb | 1.4.16 | |
| mybb | mybb | 1.5.1 | |
| mybb | mybb | 1.5.2 | |
| mybb | mybb | 1.6.1 | |
| mybb | mybb | 1.6.2 | |
| mybb | mybb | 1.6.3 | |
| mybb | mybb | 1.6.4 | |
| mybb | mybb | 1.6.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "ACDC3261-4AA6-48DD-AF97-EF346DBC3FDD", versionEndIncluding: "1.6.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:beta4:*:*:*:*:*:*", matchCriteriaId: "C14F8B95-1A33-4DA8-8DE4-35C7DC3590CF", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr1:*:*:*:*:*:*", matchCriteriaId: "CD7728CD-1FA0-4428-B3FC-883781A699CD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr2:*:*:*:*:*:*", matchCriteriaId: "0883675F-9442-49E7-8471-C205B7EA201D", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "B85E419B-F9D3-4839-A15C-F22BF9DABFAC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "EAB8B860-71DC-4F45-9E2A-74BD1C2ED893", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc3:*:*:*:*:*:*", matchCriteriaId: "C67749DF-F8AF-4C88-A120-0F48307C58E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc4:*:*:*:*:*:*", matchCriteriaId: "FD0820A0-5D85-446F-9B7E-F8DB258A1178", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "71FD2842-7E00-440F-8A93-9D3F45A004DB", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.3:pre-1.0:*:*:*:*:*:*", matchCriteriaId: "16C45BFE-A083-4DC8-A2E5-9BCE543F5AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "4C5965DE-D9B6-4074-B14B-ABCAAAAB872B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "853E94FE-A56F-44B0-87FE-DE5927B7A547", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "49C7F758-9E38-4870-85C3-11E350F96641", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "58C9C804-6901-412C-B178-183417BD5C04", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "2021275B-D61A-4309-8876-5354E115CB29", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "7925DEA1-8062-45C9-94E7-19D8FACEAFCD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "D35E537F-0F49-40AB-9E97-7898D91353D1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "BCDC1181-A2B7-4D1B-B2BF-DAC9E58E88C3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "57C37D10-B945-4674-A846-BCEC573FF93C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "4FD245B9-1381-4A1B-AF47-F28349FA6F52", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "2AFD7848-56E4-4608-82E7-CFF46A8809AC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "CC489F94-3545-4E1A-AE9E-B88EB1A7D516", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FBEB75D4-FAA4-4A5B-AA0A-57EE8EE88E61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "00E51ABC-9F77-4028-BE47-D5BFD4FEC749", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "E0BD20D9-0DFC-451F-9C71-38C6D0236CF2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.4:*:*:*:*:*:*:*", matchCriteriaId: "FDFE35CB-05CC-4E6F-B188-1141773E7F10", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.5:*:*:*:*:*:*:*", matchCriteriaId: "22A90F66-DAE9-45FC-B255-390D569CCC56", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en la funcionalidad 'User Inline Moderation' en el panel de control de administración (ACP) en MyBB (alias MyBulletinBoard) antes de v1.6.7 permite a los administradores remotos ejecutar comandos SQL a través de vectores no especificados.\r\n", }, ], id: "CVE-2012-2325", lastModified: "2024-11-21T01:38:53.650", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-13T18:55:03.520", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/53417", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/53417", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-03-18 14:59
Modified
2024-11-21 02:27
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "AEC41207-93E4-416F-9670-6AC626CF0700", versionEndIncluding: "1.8.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de XSS en member.php en MyBB (también conocido como MyBulletinBoard) anterior a 1.8.4 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados.", }, ], id: "CVE-2015-2332", lastModified: "2024-11-21T02:27:14.147", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-03-18T14:59:01.903", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/73212", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1031953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/73212", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1031953", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-11-29 11:55
Modified
2024-11-21 01:32
Severity ?
Summary
SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tom_k | forum_userbar_plugin | 2.2 | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tom_k:forum_userbar_plugin:2.2:*:*:*:*:*:*:*", matchCriteriaId: "B6E124EE-8A80-4E32-8055-818E10BDC548", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "535910EE-CF4E-4249-B8BB-1972656D56CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en userbarsettings.php en el complemento Userbar v2.2 para MyBB Forum permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro image2.", }, ], id: "CVE-2011-4569", lastModified: "2024-11-21T01:32:34.097", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-11-29T11:55:05.837", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.exploit-db.com/exploits/17962", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/50049", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/70474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.exploit-db.com/exploits/17962", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/50049", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/70474", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-01 16:15
Modified
2024-11-21 05:13
Severity ?
Summary
Installer RCE on settings file write in MyBB before 1.8.22.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mybb.com/versions/1.8.22/ | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mybb.com/versions/1.8.22/ | Release Notes |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "7B03E0B1-4D3E-48F1-BE5B-BCF4A338CC34", versionEndExcluding: "1.8.22", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Installer RCE on settings file write in MyBB before 1.8.22.", }, { lang: "es", value: "Instalador RCE en el archivo de configuración de escritura en MyBB antes de 1.8.22.", }, ], id: "CVE-2020-22612", lastModified: "2024-11-21T05:13:19.283", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-01T16:15:07.533", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://mybb.com/versions/1.8.22/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://mybb.com/versions/1.8.22/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-29 16:15
Modified
2024-11-21 08:21
Severity ?
Summary
MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "BB1F809C-701C-452A-9E80-B91FF79CF7AC", versionEndExcluding: "1.8.36", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.", }, { lang: "es", value: "MyBB anterior a 1.8.36 permite la inyección de código por parte de usuarios con ciertos privilegios elevados. Las plantillas en Admin CP usan intencionalmente eval, y hubo cierta validación de la entrada para eval, pero el malabarismo de tipos interfirió con esto cuando se usaba PCRE dentro de PHP.\n", }, ], id: "CVE-2023-41362", lastModified: "2024-11-21T08:21:09.480", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-29T16:15:09.237", references: [ { source: "cve@mitre.org", url: "https://blog.sorcery.ie/posts/mybb_acp_rce/", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/mybb/mybb/commit/a43a6f22944e769a6eabc58c39e7bc18c1cab4ca.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-pr74-wvp3-q6f5", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://mybb.com/versions/1.8.36/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://blog.sorcery.ie/posts/mybb_acp_rce/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/mybb/mybb/commit/a43a6f22944e769a6eabc58c39e7bc18c1cab4ca.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-pr74-wvp3-q6f5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://mybb.com/versions/1.8.36/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-05-14 21:19
Modified
2024-11-21 00:26
Severity ?
Summary
MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "F51E1EAB-F28C-4F8A-B55F-B32CABC67161", versionEndIncluding: "1.2.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.", }, { lang: "es", value: "MyBB 1.2.4 permite a atacantes remotos obtener información sensible a través del parámetro (1) action[] en member.php, el parámetro (2)imagehash[] en captcha.php, and (3) una respuesta directa en inc/datahandlers/event.php, el cual revela la ruta de instalación en el mensaje de error resultado.", }, ], id: "CVE-2007-0689", lastModified: "2024-11-21T00:26:29.890", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-05-14T21:19:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://marc.info/?l=full-disclosure&m=117909973216181&w=2", }, { source: "cve@mitre.org", url: "http://osvdb.org/35548", }, { source: "cve@mitre.org", url: "http://osvdb.org/35549", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.netvigilance.com/advisory0017", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/34155", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/468549/100/0/threaded", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34336", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://marc.info/?l=full-disclosure&m=117909973216181&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/35548", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/35549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.netvigilance.com/advisory0017", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/34155", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/468549/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34336", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-06 18:15
Modified
2024-11-21 08:28
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The impact is be mitigated when: 1. the visual editor is disabled globally (_Admin CP → Configuration → Settings → Clickable Smilies and BB Code: [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_ is set to _Off_), or 2. the visual editor is disabled for individual user accounts (_User CP → Your Profile → Edit Options_: _Show the MyCode formatting options on the posting pages_ checkbox is not checked). MyBB 1.8.37 resolves this issue with the commit `6dcaf0b4d`. Users are advised to upgrade. Users unable to upgrade may mitigate the impact without upgrading MyBB by changing the following setting (_Admin CP → Configuration → Settings_):
- _Clickable Smilies and BB Code → [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_: _Off_. Similarly, individual MyBB forum users are able to disable the visual editor by diabling the account option (_User CP → Your Profile → Edit Options_) _Show the MyCode formatting options on the posting pages_.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "EC8DBC6D-0D47-46D6-A840-36BF42F37437", versionEndExcluding: "1.8.37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: " MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The impact is be mitigated when: 1. the visual editor is disabled globally (_Admin CP → Configuration → Settings → Clickable Smilies and BB Code: [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_ is set to _Off_), or 2. the visual editor is disabled for individual user accounts (_User CP → Your Profile → Edit Options_: _Show the MyCode formatting options on the posting pages_ checkbox is not checked). MyBB 1.8.37 resolves this issue with the commit `6dcaf0b4d`. Users are advised to upgrade. Users unable to upgrade may mitigate the impact without upgrading MyBB by changing the following setting (_Admin CP → Configuration → Settings_):\n- _Clickable Smilies and BB Code → [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_: _Off_. Similarly, individual MyBB forum users are able to disable the visual editor by diabling the account option (_User CP → Your Profile → Edit Options_) _Show the MyCode formatting options on the posting pages_.", }, { lang: "es", value: "MyBB es un software de foro gratuito y de código abierto. El MyCode personalizado (BBCode) para el editor visual (_SCEditor_) no sanitiza la entrada correctamente al representar HTML, lo que genera una vulnerabilidad XSS basada en DOM. Esta debilidad se puede explotar dirigiendo a la víctima a una página donde el editor visual está activo (por ejemplo, como una publicación o mensaje privado) y opera con un mensaje MyCode creado con fines malintencionados. Esto puede ocurrir en páginas donde el contenido del mensaje se completa previamente mediante un parámetro GET/POST, o en páginas de respuesta donde se cita un mensaje malicioso previamente guardado. El impacto se mitiga cuando: \n1. el editor visual está deshabilitado globalmente (_Admin CP ? Configuration ? Settings ? Clickable Smilies and BB Code: [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_ is set to _Off_), o \n2. el editor visual está deshabilitado para cuentas de usuario individuales (_User CP ? Your Profile ? Edit Options_: _Show the MyCode formatting options on the posting pages_ checkbox is not checked).\nMyBB 1.8.37 resuelve este problema con el commit `6dcaf0b4d`. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden mitigar el impacto sin actualizar MyBB cambiando la siguiente configuración (_Admin CP ? Configuration ? Settings_): - _Clickable Smilies and BB Code ? [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_: _Off_. \nDe manera similar, los usuarios individuales del foro MyBB pueden desactivar el editor visual marcando la opción de cuenta (_User CP ? Your Profile ? Edit Options_)_Show the MyCode formatting options on the posting pages_.", }, ], id: "CVE-2023-46251", lastModified: "2024-11-21T08:28:10.273", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-06T18:15:08.547", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/mybb/mybb/commit/6dcaf0b4db6254f1833fe8dae295d9ddc2219276", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-wj33-q7vj-9fr8", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://mybb.com/versions/1.8.37/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/mybb/mybb/commit/6dcaf0b4db6254f1833fe8dae295d9ddc2219276", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-wj33-q7vj-9fr8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://mybb.com/versions/1.8.37/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-15 18:15
Modified
2024-11-21 05:58
Severity ?
Summary
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/161918/MyBB-1.8.25-SQL-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/mybb/mybb/security/advisories/GHSA-23m9-w75q-ph4p | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/161918/MyBB-1.8.25-SQL-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/GHSA-23m9-w75q-ph4p | Patch, Release Notes, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "E92578FF-AAA5-4F8F-8D78-0662DB9BB02C", versionEndExcluding: "1.8.26", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en MyBB, versiones anteriores a 1.8.26, mediante el recuento de votos de la encuesta. (número 1 de 3)", }, ], id: "CVE-2021-27946", lastModified: "2024-11-21T05:58:53.293", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-15T18:15:18.767", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161918/MyBB-1.8.25-SQL-Injection.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-23m9-w75q-ph4p", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161918/MyBB-1.8.25-SQL-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-23m9-w75q-ph4p", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Third Party Advisory, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "716986AC-5E6D-4DDD-A553-B88981BDE788", versionEndIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2212E819-C064-4963-BCD2-214F09A46902", versionEndIncluding: "1.8.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories.", }, { lang: "es", value: "MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 permiten a atacantes remotos obtener información sensible aprovechando la protección de la lista de directorios ausentes en los directorios de subida.", }, ], id: "CVE-2016-9414", lastModified: "2024-11-21T03:01:09.073", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.487", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-02-11 19:15
Modified
2024-11-21 02:08
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://adamziaja.com/poc/201312-xss-mybb.html | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://adamziaja.com/poc/201312-xss-mybb.html | Not Applicable |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "53B69B1A-A22A-4ED1-BEE4-7E5146867718", versionEndExcluding: "1.8.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php.", }, { lang: "es", value: "Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en MyBB (también se conoce como MyBulletinBoard) versiones anteriores a 1.8.4, permiten a usuarios autenticados remotos inyectar script web o HTML arbitrario por medio del parámetro title en la acción (1) edit o (2) add en el módulo user-users o la (3) acción finduser o el parámetro name en una (4) acción edit en el módulo user-user o la (5) acción editprofile en el archivo modcp.php.", }, ], id: "CVE-2014-3827", lastModified: "2024-11-21T02:08:56.270", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-11T19:15:10.527", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "https://adamziaja.com/poc/201312-xss-mybb.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://adamziaja.com/poc/201312-xss-mybb.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-30 22:55
Modified
2024-11-21 01:33
Severity ?
Summary
Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.2 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.2.14 | |
| mybb | mybb | 1.3 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.1 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.4 | |
| mybb | mybb | 1.4.5 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.7 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 | |
| mybb | mybb | 1.4.11 | |
| mybb | mybb | 1.4.12 | |
| mybb | mybb | 1.4.13 | |
| mybb | mybb | 1.4.14 | |
| mybb | mybb | 1.4.15 | |
| mybb | mybb | 1.4.16 | |
| mybb | mybb | 1.5.1 | |
| mybb | mybb | 1.5.2 | |
| mybb | mybb | 1.6.0 | |
| mybb | mybb | 1.6.1 | |
| mybb | mybb | 1.6.2 | |
| mybb | mybb | 1.6.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "6EF48E06-2401-400C-B4DB-F26505D0638C", versionEndIncluding: "1.6.4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*", matchCriteriaId: "4E080342-93CD-4E74-AE60-5858738CE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "71FD2842-7E00-440F-8A93-9D3F45A004DB", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.3:pre-1.0:*:*:*:*:*:*", matchCriteriaId: "16C45BFE-A083-4DC8-A2E5-9BCE543F5AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "4C5965DE-D9B6-4074-B14B-ABCAAAAB872B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "853E94FE-A56F-44B0-87FE-DE5927B7A547", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "49C7F758-9E38-4870-85C3-11E350F96641", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "58C9C804-6901-412C-B178-183417BD5C04", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "2021275B-D61A-4309-8876-5354E115CB29", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "7925DEA1-8062-45C9-94E7-19D8FACEAFCD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "D35E537F-0F49-40AB-9E97-7898D91353D1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "BCDC1181-A2B7-4D1B-B2BF-DAC9E58E88C3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "57C37D10-B945-4674-A846-BCEC573FF93C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "4FD245B9-1381-4A1B-AF47-F28349FA6F52", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "2AFD7848-56E4-4608-82E7-CFF46A8809AC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "CC489F94-3545-4E1A-AE9E-B88EB1A7D516", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B50C36-C3D7-48FD-805B-4A94E727C93F", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FBEB75D4-FAA4-4A5B-AA0A-57EE8EE88E61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "00E51ABC-9F77-4028-BE47-D5BFD4FEC749", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "E0BD20D9-0DFC-451F-9C71-38C6D0236CF2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an \"unparsed user avatar in the buddy list.\"", }, { lang: "es", value: "Vulnerabilidad no especificada en MyBB anterior a v1.6.5 tiene un impacto desconocido y vectores de ataque también desconocidos, relacionados con un \"avatar de usuario no parseado en una lista (buddy)\".", }, ], id: "CVE-2011-5133", lastModified: "2024-11-21T01:33:43.133", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-30T22:55:04.233", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46951", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/77325", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/50816", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46951", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/77325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/50816", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-12-30 21:00
Modified
2024-11-21 01:21
Severity ?
Summary
member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.04 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "AA9326ED-4299-46B9-B654-0BC7C5282903", versionEndIncluding: "1.4.11", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*", matchCriteriaId: "4E080342-93CD-4E74-AE60-5858738CE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.", }, { lang: "es", value: "member.php de MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12 hace una llamada superflua a la función SQL COUNT; lo que permite, a atacantes remotos, provocar una denegación de servició (consumo de todos los recursos) haciendo peticiones a member.php que generan la lectura de toda la tabla de usuarios.", }, ], id: "CVE-2010-4628", lastModified: "2024-11-21T01:21:23.880", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-12-30T21:00:02.643", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { source: "cve@mitre.org", url: "http://dev.mybboard.net/issues/662", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64514", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://dev.mybboard.net/issues/662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64514", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-09-17 04:29
Modified
2024-11-21 03:53
Severity ?
Summary
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/45449/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/45449/ | Exploit, Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "E88CBA36-C42E-4C23-9488-88C8D6E73E12", versionEndExcluding: "1.8.19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.", }, { lang: "es", value: "Se ha descubierto un problema de Cross-Site Scripting (XSS) persistente en Visual Editor en MyBB en versiones anteriores a la 1.8.19 mediante Video MyCode.", }, ], id: "CVE-2018-17128", lastModified: "2024-11-21T03:53:54.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-09-17T04:29:00.953", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45449/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45449/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-06 22:15
Modified
2024-11-21 08:26
Severity ?
Summary
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "EC8DBC6D-0D47-46D6-A840-36BF42F37437", versionEndExcluding: "1.8.37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.", }, { lang: "es", value: "Vulnerabilidad de Cross-Site Scripting (XSS) en Mybb Mybb Forums v.1.8.33 permite a un atacante local ejecutar código arbitrario a través del parámetro Nombre del tema en el componente de administración de temas.", }, ], id: "CVE-2023-45556", lastModified: "2024-11-21T08:26:57.797", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-06T22:15:07.990", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://github.com/Or4ngm4n/Mybb/blob/main/MyBB%201.8.33%20Cross%20Site%20Scripting.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-4xqm-3cm2-5xgf", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://raw.githubusercontent.com/Or4ngm4n/Mybb/main/Screenshot%202023-10-08%20012112.png", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/Or4ngm4n/Mybb/blob/main/MyBB%201.8.33%20Cross%20Site%20Scripting.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-4xqm-3cm2-5xgf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://raw.githubusercontent.com/Or4ngm4n/Mybb/main/Screenshot%202023-10-08%20012112.png", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-29 19:29
Modified
2024-11-21 03:57
Severity ?
Summary
A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://github.com/mybb/mybb/blob/feature/SECURITY.md#technical-details-of-known-issues | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/blob/feature/SECURITY.md#technical-details-of-known-issues | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "69E63376-C844-4044-928D-C59A063A8734", versionEndExcluding: "1.8.20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter.", }, { lang: "es", value: "Una vulnerabilidad de XSS reflejado en el editor \"ModCP Profile\", en versiones anteriores a la 1.8.20, permite a los atacantes remotos inyectar código JavaScript en el parámetro \"username\".", }, ], id: "CVE-2018-19201", lastModified: "2024-11-21T03:57:32.497", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-29T19:29:00.213", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/mybb/mybb/blob/feature/SECURITY.md#technical-details-of-known-issues", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/mybb/mybb/blob/feature/SECURITY.md#technical-details-of-known-issues", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-07-08 18:41
Modified
2024-11-21 00:48
Severity ?
Summary
Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "53C7DC96-E461-4181-9555-5DFA116A96DF", versionEndIncluding: "1.2.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en inc/class_language.php de MyBB anterior a 1.2.13, tiene un impacto y vectores de ataque desconocidos relacionados con la variable $language.", }, ], id: "CVE-2008-3071", lastModified: "2024-11-21T00:48:21.267", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-07-08T18:41:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://community.mybboard.net/attachment.php?aid=9272", }, { source: "cve@mitre.org", url: "http://community.mybboard.net/showthread.php?tid=31666", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://community.mybboard.net/attachment.php?aid=9272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.mybboard.net/showthread.php?tid=31666", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31013", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 02:39
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via vectors related to "old upgrade files."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94397 | ||
| cve@mitre.org | https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94397 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "84DB6EE0-4972-434D-9C89-7BD9EB4896B7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2FF6F484-A280-45A6-BB5E-B923339B7109", versionEndIncluding: "1.6.17", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "E697D13C-5594-491B-B911-3B4BEA00AFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "00724054-858F-4322-8BE5-F6929CC2CAD8", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "95998F68-1F16-4FEA-BDE3-957235D04881", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "927F9547-773B-4F2C-8870-AA3672EEC7CA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "6817FA9E-51B7-4ADE-86E2-E9F559A585EC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "667EFFF1-E5C1-4124-BD0B-D4244FAECE15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via vectors related to \"old upgrade files.\"", }, { lang: "es", value: "Vulnerabilidad de XSS en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.6.18 y 1.8.x en versiones anteriores a 1.8.6 y MyBB Merge System en versiones anteriores a 1.8.6 podrían permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con \"archivos antiguos de actualización\".", }, ], id: "CVE-2015-8976", lastModified: "2024-11-21T02:39:35.277", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:00.267", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/94397", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/94397", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-11-17 21:55
Modified
2024-11-21 01:45
Severity ?
Summary
SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.6.6:*:*:*:*:*:*:*", matchCriteriaId: "E1A3FDDB-9488-405B-A2A0-500CF49061BE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en admin/modules/user/users.php en MyBB (alias MyBulletinBoard) v1.6.6 permite a atacantes remotos ejecutar comandos SQL a través del parámetro conditions[usergroup][] en una acción de búsqueda a admin/index.php.", }, ], id: "CVE-2012-5909", lastModified: "2024-11-21T01:45:29.847", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-11-17T21:55:05.533", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/80634", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/52743", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/80634", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/52743", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74396", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving Mod control panel logs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Third Party Advisory, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "716986AC-5E6D-4DDD-A553-B88981BDE788", versionEndIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2212E819-C064-4963-BCD2-214F09A46902", versionEndIncluding: "1.8.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving Mod control panel logs.", }, { lang: "es", value: "Vulnerabilidad de XSS en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 podrían permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores que implican registros de panel de control Mod.", }, ], id: "CVE-2016-9407", lastModified: "2024-11-21T03:01:08.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.220", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-22 00:15
Modified
2024-11-21 07:27
Severity ?
Summary
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mybb/mybb/security/advisories/GHSA-ggp5-454p-867v | Patch, Third Party Advisory | |
| cve@mitre.org | https://mybb.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/GHSA-ggp5-454p-867v | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mybb.com | Product |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "81E81B96-4E85-4D0F-BEB7-D2A8E71DDD02", versionEndExcluding: "1.8.32", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.", }, { lang: "es", value: "MyBB 1.8.31 tiene una vulnerabilidad de inyección SQL en el módulo Usuarios del Admin CP que permite a los usuarios remotos autenticados modificar la cadena de consulta mediante la entrada directa del usuario o la configuración del filtro de búsqueda almacenada.", }, ], id: "CVE-2022-43709", lastModified: "2024-11-21T07:27:06.267", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-22T00:15:12.187", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-ggp5-454p-867v", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://mybb.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-ggp5-454p-867v", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://mybb.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-12-30 21:00
Modified
2024-11-21 01:21
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "BCDC1181-A2B7-4D1B-B2BF-DAC9E58E88C3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B50C36-C3D7-48FD-805B-4A94E727C93F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php.", }, { lang: "es", value: "Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MyBB (MyBulletinBoard) 1.4.14, y 1.6.x anteriores a la 1.6.1. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de vectores relacionados con (1) editpost.php, (2) member.php y (3) newreply.php.", }, ], id: "CVE-2010-4522", lastModified: "2024-11-21T01:21:08.233", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2010-12-30T21:00:02.220", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2010/12/15/mybb-1-6-1-release-1-4-14-update/", }, { source: "secalert@redhat.com", url: "http://openwall.com/lists/oss-security/2010/12/20/1", }, { source: "secalert@redhat.com", url: "http://openwall.com/lists/oss-security/2010/12/22/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2010/12/15/mybb-1-6-1-release-1-4-14-update/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/12/20/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/12/22/2", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-11-04 21:00
Modified
2024-11-21 00:52
Severity ?
Summary
MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka \"Incomplete protection against MIME-sniffing.\" NOTE: this could be leveraged for XSS and other attacks.", }, { lang: "es", value: "MyBB (también conocido como MyBulletinBoard) v1.4.2 no maneja de forma adecuada un fichero que se haya subido y que sea de un tipo no estándar que contenga secuencias HTML; esto permite a atacantes remotos provocar que el fichero sea procesado como un HTML por las inspecciones de contenidos de Internet Explorer. También se conoce como \"Protección incompleta contra MIME-sniffing\". NOTA: Esto podría ser utilizado para XSS y otro tipo de ataques.", }, ], id: "CVE-2008-4930", lastModified: "2024-11-21T00:52:52.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-11-04T21:00:05.987", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/11/01/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/11/01/2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 02:39
Severity ?
Summary
MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94397 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94397 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "22907EC0-5A2D-4DCF-B887-8FA311B3D4E2", versionEndIncluding: "1.8.5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2FF6F484-A280-45A6-BB5E-B923339B7109", versionEndIncluding: "1.6.17", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "E697D13C-5594-491B-B911-3B4BEA00AFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "00724054-858F-4322-8BE5-F6929CC2CAD8", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "95998F68-1F16-4FEA-BDE3-957235D04881", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "927F9547-773B-4F2C-8870-AA3672EEC7CA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "6817FA9E-51B7-4ADE-86E2-E9F559A585EC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "667EFFF1-E5C1-4124-BD0B-D4244FAECE15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.", }, { lang: "es", value: "MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.6.18 y 1.8.x en versiones anteriores a 1.8.6 y MyBB Merge System en versiones anteriores a 1.8.6 permiten a atacantes remotos obtener la ruta de instalación a través de vectores que involucran archivos de registro de errores.", }, ], id: "CVE-2015-8977", lastModified: "2024-11-21T02:39:35.440", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:00.297", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94397", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94397", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-02-21 20:29
Modified
2024-11-21 04:11
Severity ?
Summary
MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://websecnerd.blogspot.in/2018/02/mybb-forum-1_21.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://websecnerd.blogspot.in/2018/02/mybb-forum-1_21.html | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.8.14:*:*:*:*:*:*:*", matchCriteriaId: "8DF54ECF-097F-490E-8657-655328421CF9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts.", }, { lang: "es", value: "MyBB 1.8.14 no comprueba un token CSRF válido, lo que conduce al borrado arbitrario de cuentas de usuario.", }, ], id: "CVE-2018-7305", lastModified: "2024-11-21T04:11:58.610", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-02-21T20:29:00.473", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://websecnerd.blogspot.in/2018/02/mybb-forum-1_21.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://websecnerd.blogspot.in/2018/02/mybb-forum-1_21.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-03-19 14:59
Modified
2024-11-21 02:27
Severity ?
Summary
The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown vectors.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "AEC41207-93E4-416F-9670-6AC626CF0700", versionEndIncluding: "1.8.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown vectors.", }, { lang: "es", value: "El manejador de cache en MyBB (también conocido como MyBulletinBoard) anterior a 1.8.4 no comprueba adecuadamente la codificación de la entrada en la función var_export, lo que permite a atacantes tener un impacto no especificado a través de vectores no conocidos.", }, ], id: "CVE-2015-2352", lastModified: "2024-11-21T02:27:16.657", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-03-19T14:59:04.650", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/73257", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1031953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/73257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1031953", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94396 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94396 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Patch, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "FC4E25F3-7C9D-45E3-8330-961A56BC3C48", versionEndIncluding: "1.8.7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "78D16782-41C7-4001-8DD1-C7A09B347733", versionEndIncluding: "1.8.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de XSS en el módulo Users en el panel de control de Admin en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.8 y MyBB Merge System en versiones anteriores a 1.8.8 podrían permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2016-9421", lastModified: "2024-11-21T03:01:10.143", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.750", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94396", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-15 18:15
Modified
2024-11-21 05:58
Severity ?
Summary
SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.sonarsource.com/mybb-remote-code-execution-chain | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/mybb/mybb/security/advisories/GHSA-r34m-ccm8-mfhq | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.sonarsource.com/mybb-remote-code-execution-chain | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/GHSA-r34m-ccm8-mfhq | Patch, Release Notes, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "E92578FF-AAA5-4F8F-8D78-0662DB9BB02C", versionEndExcluding: "1.8.26", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en MyBB versiones anteriores a 1.8.26, mediante las propiedades del tema incluyendo en los archivos XML del tema", }, ], id: "CVE-2021-27890", lastModified: "2024-11-21T05:58:42.830", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-15T18:15:18.707", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.sonarsource.com/mybb-remote-code-execution-chain", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-r34m-ccm8-mfhq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.sonarsource.com/mybb-remote-code-execution-chain", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-r34m-ccm8-mfhq", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-12-30 21:00
Modified
2024-11-21 01:21
Severity ?
Summary
The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.04 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "AA9326ED-4299-46B9-B654-0BC7C5282903", versionEndIncluding: "1.4.11", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*", matchCriteriaId: "4E080342-93CD-4E74-AE60-5858738CE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.", }, { lang: "es", value: "La función my_rand de functions.php de MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12 no utiliza apropiadamente la función de PHP mt_rand, lo que facilita a atacantes remotos obtener acceso a cuentas de su elección solicitando un reinicio de la contraseña de la cuenta y, a continuación, realizando un ataque de fuerza bruta.", }, ], id: "CVE-2010-4626", lastModified: "2024-11-21T01:21:23.610", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-12-30T21:00:02.550", references: [ { source: "cve@mitre.org", url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { source: "cve@mitre.org", url: "http://dev.mybboard.net/issues/843", }, { source: "cve@mitre.org", url: "http://dev.mybboard.net/projects/mybb/repository/revisions/4872", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { source: "cve@mitre.org", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64516", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://dev.mybboard.net/issues/843", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://dev.mybboard.net/projects/mybb/repository/revisions/4872", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64516", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-03-18 14:59
Modified
2024-11-21 02:27
Severity ?
Summary
A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "AEC41207-93E4-416F-9670-6AC626CF0700", versionEndIncluding: "1.8.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors.", }, { lang: "es", value: "Una libraría JSON en MyBB (también conocido como MyBulletinBoard) anterior a 1.8.4 permite a atacantes remotos obtener la ruta de instalación a través de vectores desconocidos.", }, ], id: "CVE-2015-2335", lastModified: "2024-11-21T02:27:14.547", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-03-18T14:59:04.733", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/73216", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1031953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/73216", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1031953", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-02-11 19:15
Modified
2024-11-21 02:08
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://adamziaja.com/poc/201312-xss-mybb.html | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://adamziaja.com/poc/201312-xss-mybb.html | Not Applicable |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "F3910CB1-A664-43CD-839E-D0A51228F1E2", versionEndExcluding: "1.6.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module.", }, { lang: "es", value: "Una vulnerabilidad de tipo cross-site scripting (XSS) en MyBB versiones anteriores a 1.6.13, permite a usuarios autenticados remotos inyectar script web o HTML arbitrario por medio del parámetro name en la acción edit del módulo config-profile_fields.", }, ], id: "CVE-2014-3826", lastModified: "2024-11-21T02:08:56.123", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-11T19:15:10.420", references: [ { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "http://adamziaja.com/poc/201312-xss-mybb.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://adamziaja.com/poc/201312-xss-mybb.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-03-18 14:59
Modified
2024-11-21 02:27
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "AEC41207-93E4-416F-9670-6AC626CF0700", versionEndIncluding: "1.8.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.", }, { lang: "es", value: "Vulnerabilidad de CSRF en el inicio de sesión de Admin Control Panel (ACP) en MyBB (también conocido como MyBulletinBoard) anterior a 1.8.4 permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos.", }, ], id: "CVE-2015-2334", lastModified: "2024-11-21T02:27:14.413", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-03-18T14:59:03.827", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/73214", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1031953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/73214", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1031953", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94395 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | merge_system | * | |
| mybb | mybb | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "716986AC-5E6D-4DDD-A553-B88981BDE788", versionEndIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2212E819-C064-4963-BCD2-214F09A46902", versionEndIncluding: "1.8.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.", }, { lang: "es", value: "El panel de control Admin en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 permite a los atacantes remotos obtener la ruta de instalación a través de vectores que implican el envío de correos.", }, ], id: "CVE-2016-9411", lastModified: "2024-11-21T03:01:08.623", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:01.377", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-31 14:15
Modified
2024-11-21 05:08
Severity ?
Summary
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/joelister/bug/issues/1 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/joelister/bug/issues/1 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.8.20:*:*:*:*:*:*:*", matchCriteriaId: "9588B1DB-5ED6-43CE-8B95-78989C75A59E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the \"Title\" field found in the \"Add New Forum\" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.", }, { lang: "es", value: "Una vulnerabilidad de tipo Cross Site Scripting (XSS) en MyBB versión v1.8.20, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del campo \"Title\" que se encuentra en la página \"Add New Forum\" haciendo una petición HTTP POST autenticada a \"/Upload/admin/index.php?module=forum-management&action=add\"", }, ], id: "CVE-2020-19048", lastModified: "2024-11-21T05:08:55.980", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-31T14:15:25.343", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/joelister/bug/issues/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/joelister/bug/issues/1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-28 19:29
Modified
2024-11-21 03:51
Severity ?
Summary
An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/ | Vendor Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/45393/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/45393/ | Exploit, Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.8.17:*:*:*:*:*:*:*", matchCriteriaId: "2E2D331B-248E-4832-9D75-3B3328E8AA29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS.", }, { lang: "es", value: "Se ha descubierto un problema en inc/class_feedgeneration.php en MyBB 1.8.17. En la página de foro RSS Syndication, se puede generar una URL como http://localhost/syndication.php?fid=type=atom1.0limit=15. Los títulos de hilos (en los elementos de título de los documentos XML generados) no se sanean, lo que conduce a Cross-Site Scripting (XSS).", }, ], id: "CVE-2018-15596", lastModified: "2024-11-21T03:51:08.607", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-28T19:29:16.553", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45393/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45393/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-09-03 17:59
Modified
2024-11-21 02:31
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "171A772D-0FDB-4ADD-A4C4-C8E849D8B255", versionEndIncluding: "1.8.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post.", }, { lang: "es", value: "Vulnerabilidad de XSS en la función de edición rápida en xmlhttp.php en MyBB (también conocida como MyBulletinBoard) en versiones anteriores a 1.8.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del contenido de una post.", }, ], id: "CVE-2015-4552", lastModified: "2024-11-21T02:31:19.630", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-09-03T17:59:01.397", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://adrianhayter.com/exploits.php", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1033471", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://adrianhayter.com/exploits.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1033471", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-03-03 16:55
Modified
2024-11-21 02:05
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "6568D304-291D-4627-83BD-8859415CC666", versionEndIncluding: "1.6.12", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B50C36-C3D7-48FD-805B-4A94E727C93F", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FBEB75D4-FAA4-4A5B-AA0A-57EE8EE88E61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "00E51ABC-9F77-4028-BE47-D5BFD4FEC749", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "E0BD20D9-0DFC-451F-9C71-38C6D0236CF2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.4:*:*:*:*:*:*:*", matchCriteriaId: "FDFE35CB-05CC-4E6F-B188-1141773E7F10", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.5:*:*:*:*:*:*:*", matchCriteriaId: "22A90F66-DAE9-45FC-B255-390D569CCC56", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.6:*:*:*:*:*:*:*", matchCriteriaId: "E1A3FDDB-9488-405B-A2A0-500CF49061BE", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.7:*:*:*:*:*:*:*", matchCriteriaId: "04264BC5-425C-47D4-9EE0-35BF11B904F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.8:*:*:*:*:*:*:*", matchCriteriaId: "5E42628F-7E7F-4E3A-BB8E-699166CB86B3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.9:*:*:*:*:*:*:*", matchCriteriaId: "A02FA2FA-E035-40CD-9C0F-A143A931D40D", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.10:*:*:*:*:*:*:*", matchCriteriaId: "F52B8848-9103-4A78-A45B-6BE73855647A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.11:*:*:*:*:*:*:*", matchCriteriaId: "C7170B92-1D43-49CA-BC79-469F0C8965D6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.", }, { lang: "es", value: "Vulnerabilidad de XSS en Upload/search.php en MyBB 1.6.12 y anteriores permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro keywords en una acción do_search, que no es manejado debidamente en un mensaje de error forzado de SQL.", }, ], id: "CVE-2014-1840", lastModified: "2024-11-21T02:05:08.440", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2014-03-03T16:55:04.320", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-11-10 23:29
Modified
2024-11-21 03:16
Severity ?
Summary
The installer in MyBB before 1.8.13 has XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/43137/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43137/ | Exploit, Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "52EEFACF-D046-478B-801D-CC39CAAD6555", versionEndIncluding: "1.8.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The installer in MyBB before 1.8.13 has XSS.", }, { lang: "es", value: "El instalador en MyBB en versiones anteriores a la 1.8.13 tiene Cross-Site Scripting (XSS).", }, ], id: "CVE-2017-16781", lastModified: "2024-11-21T03:16:57.590", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-11-10T23:29:00.277", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43137/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43137/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-24 18:59
Modified
2024-11-21 03:33
Severity ?
Summary
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2017/Apr/55 | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/98045 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Apr/55 | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98045 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/ | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "EA5913D3-77D8-4093-9225-0B1BDE2A9B5B", versionEndIncluding: "1.8.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.", }, { lang: "es", value: "En MyBB en versiones anteriores a 1.8.11, el módulo smilie permite Salto de Directorio a través del parámetro pathfolder.", }, ], id: "CVE-2017-8104", lastModified: "2024-11-21T03:33:19.893", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-24T18:59:00.867", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/fulldisclosure/2017/Apr/55", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98045", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/fulldisclosure/2017/Apr/55", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98045", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-01-31 18:28
Modified
2024-11-21 00:26
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", }, { lang: "es", value: "Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en MyBB (también conocido como MyBulletinBoard) 1.2.2 permite a atacantes remotos enviar mensajes a usuarios de su elección.\r\nNOTA: El origen de esta información es desconocido; los detalles se han obtenido solamente de información de terceros.", }, ], id: "CVE-2007-0622", lastModified: "2024-11-21T00:26:19.887", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-01-31T18:28:00.000", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/32968", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23934", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/32968", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23934", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-11 20:29
Modified
2024-11-21 03:57
Severity ?
Summary
A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.mybb.com/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://mybb.com/versions/1.8.20/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mybb.com/versions/1.8.20/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "E1C328F1-B436-4995-A5C9-66F75C5930A9", versionEndExcluding: "1.8.20", versionStartIncluding: "1.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter.", }, { lang: "es", value: "Una vulnerabilidad de tipo XSS reflejada en el archivo index.php en MyBB versión 1.8.x hasta la 1.8.19, permite a atacantes remotos inyectar JavaScript por medio del parámetro 'upsetting[bburl]'.", }, ], id: "CVE-2018-19202", lastModified: "2024-11-21T03:57:32.650", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-11T20:29:00.370", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://mybb.com/versions/1.8.20/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://mybb.com/versions/1.8.20/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-06 19:29
Modified
2024-11-21 04:42
Severity ?
Summary
MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.mybb.com/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/ | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.18.19:*:*:*:*:*:*:*", matchCriteriaId: "8D3CF894-368E-4806-AD48-6226EFF4DA92", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.", }, { lang: "es", value: "MyBB 1.8.19 permite que los atacantes remotos puedan obtener información confidencial porque revelar el nombre de usuario al recibir una petición de restablecimiento de contraseña que carece de los parámetros de código", }, ], id: "CVE-2019-3579", lastModified: "2024-11-21T04:42:12.440", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-06T19:29:00.657", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-01-10 16:47
Modified
2024-11-21 02:00
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.2.14 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.3 | |
| mybb | mybb | 1.04 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.1 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.4 | |
| mybb | mybb | 1.4.5 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.7 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 | |
| mybb | mybb | 1.4.11 | |
| mybb | mybb | 1.4.12 | |
| mybb | mybb | 1.4.13 | |
| mybb | mybb | 1.4.14 | |
| mybb | mybb | 1.4.15 | |
| mybb | mybb | 1.4.16 | |
| mybb | mybb | 1.5.1 | |
| mybb | mybb | 1.5.2 | |
| mybb | mybb | 1.6.0 | |
| mybb | mybb | 1.6.1 | |
| mybb | mybb | 1.6.2 | |
| mybb | mybb | 1.6.3 | |
| mybb | mybb | 1.6.4 | |
| mybb | mybb | 1.6.5 | |
| mybb | mybb | 1.6.6 | |
| mybb | mybb | 1.6.7 | |
| mybb | mybb | 1.6.8 | |
| mybb | mybb | 1.6.9 | |
| mybb | mybb | 1.6.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "1AB176E2-A87C-4098-93F3-B6B4C09389FD", versionEndIncluding: "1.6.11", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:beta4:*:*:*:*:*:*", matchCriteriaId: "C14F8B95-1A33-4DA8-8DE4-35C7DC3590CF", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr1:*:*:*:*:*:*", matchCriteriaId: "CD7728CD-1FA0-4428-B3FC-883781A699CD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr2:*:*:*:*:*:*", matchCriteriaId: "0883675F-9442-49E7-8471-C205B7EA201D", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "B85E419B-F9D3-4839-A15C-F22BF9DABFAC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "EAB8B860-71DC-4F45-9E2A-74BD1C2ED893", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc3:*:*:*:*:*:*", matchCriteriaId: "C67749DF-F8AF-4C88-A120-0F48307C58E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc4:*:*:*:*:*:*", matchCriteriaId: "FD0820A0-5D85-446F-9B7E-F8DB258A1178", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*", matchCriteriaId: "4E080342-93CD-4E74-AE60-5858738CE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "71FD2842-7E00-440F-8A93-9D3F45A004DB", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.3:pre-1.0:*:*:*:*:*:*", matchCriteriaId: "16C45BFE-A083-4DC8-A2E5-9BCE543F5AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "4C5965DE-D9B6-4074-B14B-ABCAAAAB872B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "853E94FE-A56F-44B0-87FE-DE5927B7A547", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "49C7F758-9E38-4870-85C3-11E350F96641", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "58C9C804-6901-412C-B178-183417BD5C04", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "2021275B-D61A-4309-8876-5354E115CB29", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "7925DEA1-8062-45C9-94E7-19D8FACEAFCD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "D35E537F-0F49-40AB-9E97-7898D91353D1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "BCDC1181-A2B7-4D1B-B2BF-DAC9E58E88C3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "57C37D10-B945-4674-A846-BCEC573FF93C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "4FD245B9-1381-4A1B-AF47-F28349FA6F52", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "2AFD7848-56E4-4608-82E7-CFF46A8809AC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "CC489F94-3545-4E1A-AE9E-B88EB1A7D516", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B50C36-C3D7-48FD-805B-4A94E727C93F", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FBEB75D4-FAA4-4A5B-AA0A-57EE8EE88E61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "00E51ABC-9F77-4028-BE47-D5BFD4FEC749", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "E0BD20D9-0DFC-451F-9C71-38C6D0236CF2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.4:*:*:*:*:*:*:*", matchCriteriaId: "FDFE35CB-05CC-4E6F-B188-1141773E7F10", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.5:*:*:*:*:*:*:*", matchCriteriaId: "22A90F66-DAE9-45FC-B255-390D569CCC56", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.6:*:*:*:*:*:*:*", matchCriteriaId: "E1A3FDDB-9488-405B-A2A0-500CF49061BE", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.7:*:*:*:*:*:*:*", matchCriteriaId: "04264BC5-425C-47D4-9EE0-35BF11B904F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.8:*:*:*:*:*:*:*", matchCriteriaId: "5E42628F-7E7F-4E3A-BB8E-699166CB86B3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.9:*:*:*:*:*:*:*", matchCriteriaId: "A02FA2FA-E035-40CD-9C0F-A143A931D40D", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.10:*:*:*:*:*:*:*", matchCriteriaId: "F52B8848-9103-4A78-A45B-6BE73855647A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs.", }, { lang: "es", value: "Vulnerabilidad cross-site scripting (XSS) en la función mycode_parse_video de inc/class_parser.php de MyBB (MyBulletinBoard) anteriores a 1.6.12 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de vectores relacionados con URLs de video Yahoo.", }, ], id: "CVE-2013-7288", lastModified: "2024-11-21T02:00:39.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2014-01-10T16:47:05.410", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release", }, { source: "cve@mitre.org", url: "http://osvdb.org/show/osvdb/101544", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/55945", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/64570", }, { source: "cve@mitre.org", url: "https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/show/osvdb/101544", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/55945", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/64570", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-15 17:15
Modified
2024-11-21 05:58
Severity ?
Summary
Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.sonarsource.com/mybb-remote-code-execution-chain | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/mybb/mybb/security/advisories/GHSA-xhj7-3349-mqcm | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.sonarsource.com/mybb-remote-code-execution-chain | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/GHSA-xhj7-3349-mqcm | Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "E92578FF-AAA5-4F8F-8D78-0662DB9BB02C", versionEndExcluding: "1.8.26", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.", }, { lang: "es", value: "Una vulnerabilidad de tipo Cross-site Scripting (XSS) en MyBB versiones anteriores a 1.8.26 a través de Nested Auto URL cuando se analizan los mensajes", }, ], id: "CVE-2021-27889", lastModified: "2024-11-21T05:58:42.617", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-15T17:15:22.517", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.sonarsource.com/mybb-remote-code-execution-chain", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-xhj7-3349-mqcm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.sonarsource.com/mybb-remote-code-execution-chain", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-xhj7-3349-mqcm", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-01-08 15:29
Modified
2024-11-21 02:00
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.00 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.0 | |
| mybb | mybb | 1.01 | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.02 | |
| mybb | mybb | 1.2 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.2.14 | |
| mybb | mybb | 1.03 | |
| mybb | mybb | 1.3 | |
| mybb | mybb | 1.04 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.1 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.4 | |
| mybb | mybb | 1.4.5 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.7 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 | |
| mybb | mybb | 1.4.11 | |
| mybb | mybb | 1.4.12 | |
| mybb | mybb | 1.4.13 | |
| mybb | mybb | 1.4.14 | |
| mybb | mybb | 1.4.15 | |
| mybb | mybb | 1.4.16 | |
| mybb | mybb | 1.5.1 | |
| mybb | mybb | 1.5.2 | |
| mybb | mybb | 1.6.0 | |
| mybb | mybb | 1.6.1 | |
| mybb | mybb | 1.6.2 | |
| mybb | mybb | 1.6.3 | |
| mybb | mybb | 1.6.4 | |
| mybb | mybb | 1.6.5 | |
| mybb | mybb | 1.6.6 | |
| mybb | mybb | 1.6.7 | |
| mybb | mybb | 1.6.8 | |
| mybb | mybb | 1.6.9 | |
| mybb | mybb | 1.6.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "1AB176E2-A87C-4098-93F3-B6B4C09389FD", versionEndIncluding: "1.6.11", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*", matchCriteriaId: "BD61D970-9363-4A75-A8DB-D0EBA2CF0D53", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:beta4:*:*:*:*:*:*", matchCriteriaId: "C14F8B95-1A33-4DA8-8DE4-35C7DC3590CF", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr1:*:*:*:*:*:*", matchCriteriaId: "CD7728CD-1FA0-4428-B3FC-883781A699CD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:pr2:*:*:*:*:*:*", matchCriteriaId: "0883675F-9442-49E7-8471-C205B7EA201D", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "B85E419B-F9D3-4839-A15C-F22BF9DABFAC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "EAB8B860-71DC-4F45-9E2A-74BD1C2ED893", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc3:*:*:*:*:*:*", matchCriteriaId: "C67749DF-F8AF-4C88-A120-0F48307C58E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.0:rc4:*:*:*:*:*:*", matchCriteriaId: "FD0820A0-5D85-446F-9B7E-F8DB258A1178", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*", matchCriteriaId: "990E206E-5E2C-4A68-9FDF-CD47F7524054", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*", matchCriteriaId: "C5C52215-D236-4D1A-9E30-14B9676FB68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*", matchCriteriaId: "4E080342-93CD-4E74-AE60-5858738CE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "71FD2842-7E00-440F-8A93-9D3F45A004DB", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F6ABDEE8-D463-47CA-998D-33472F3382F3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.3:pre-1.0:*:*:*:*:*:*", matchCriteriaId: "16C45BFE-A083-4DC8-A2E5-9BCE543F5AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*", matchCriteriaId: "DE44965F-F968-4CD2-9F21-1E1A92F5F7F2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "4C5965DE-D9B6-4074-B14B-ABCAAAAB872B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "853E94FE-A56F-44B0-87FE-DE5927B7A547", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "49C7F758-9E38-4870-85C3-11E350F96641", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "58C9C804-6901-412C-B178-183417BD5C04", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "2021275B-D61A-4309-8876-5354E115CB29", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "7925DEA1-8062-45C9-94E7-19D8FACEAFCD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "D35E537F-0F49-40AB-9E97-7898D91353D1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "BCDC1181-A2B7-4D1B-B2BF-DAC9E58E88C3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "57C37D10-B945-4674-A846-BCEC573FF93C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "4FD245B9-1381-4A1B-AF47-F28349FA6F52", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "2AFD7848-56E4-4608-82E7-CFF46A8809AC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "CC489F94-3545-4E1A-AE9E-B88EB1A7D516", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B50C36-C3D7-48FD-805B-4A94E727C93F", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FBEB75D4-FAA4-4A5B-AA0A-57EE8EE88E61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "00E51ABC-9F77-4028-BE47-D5BFD4FEC749", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "E0BD20D9-0DFC-451F-9C71-38C6D0236CF2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.4:*:*:*:*:*:*:*", matchCriteriaId: "FDFE35CB-05CC-4E6F-B188-1141773E7F10", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.5:*:*:*:*:*:*:*", matchCriteriaId: "22A90F66-DAE9-45FC-B255-390D569CCC56", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.6:*:*:*:*:*:*:*", matchCriteriaId: "E1A3FDDB-9488-405B-A2A0-500CF49061BE", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.7:*:*:*:*:*:*:*", matchCriteriaId: "04264BC5-425C-47D4-9EE0-35BF11B904F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.8:*:*:*:*:*:*:*", matchCriteriaId: "5E42628F-7E7F-4E3A-BB8E-699166CB86B3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.9:*:*:*:*:*:*:*", matchCriteriaId: "A02FA2FA-E035-40CD-9C0F-A143A931D40D", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.10:*:*:*:*:*:*:*", matchCriteriaId: "F52B8848-9103-4A78-A45B-6BE73855647A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.", }, { lang: "es", value: "Vulnerabilidad cross-site scripting (XSS) en misc.php de MyBB (tambien conocido como MyBulletinBoard) anteriores a 1.6.12 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través del parámetro editor en un listado de smileis.", }, ], id: "CVE-2013-7275", lastModified: "2024-11-21T02:00:37.783", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2014-01-08T15:29:56.807", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release", }, { source: "cve@mitre.org", url: "http://osvdb.org/101545", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/55945", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/64570", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/101545", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/55945", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/64570", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2006-01-26 22:03
Modified
2024-11-21 00:06
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "15DA7BAA-2E08-410F-B80E-0B1EC0B4EF46", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219.", }, { lang: "es", value: "Múltiples vulnerabilidades de XSS en usercp.php en MyBulletinBoard (MyBB) 1.02 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través del (1) parámetro de bloc en una acción de bloc y (2) parametro de firma en una acción de edición. NOTA: Estos son diferentes tipos de ataque y, probablemente, una vulnerabilidad diferente a CVE-2006-0218 y CVE-2006-0219.", }, ], id: "CVE-2006-0442", lastModified: "2024-11-21T00:06:28.510", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2006-01-26T22:03:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://kapda.ir/advisory-241.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/18603", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1015535", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/423128/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/16361", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2006/0316", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://kapda.ir/advisory-241.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/18603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1015535", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/423128/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/16361", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/0316", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-03-18 14:59
Modified
2024-11-21 02:27
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "AEC41207-93E4-416F-9670-6AC626CF0700", versionEndIncluding: "1.8.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de XSS en el editor MyCode en MyBB (también conocido como MyBulletinBoard) anterior a 1.8.4 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados.", }, ], id: "CVE-2015-2333", lastModified: "2024-11-21T02:27:14.283", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-03-18T14:59:02.873", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/73213", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1031953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/73213", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1031953", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-15 18:15
Modified
2024-11-21 05:58
Severity ?
Summary
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mybb/mybb/security/advisories/GHSA-3p9w-2q65-r6g2 | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/GHSA-3p9w-2q65-r6g2 | Patch, Release Notes, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "E92578FF-AAA5-4F8F-8D78-0662DB9BB02C", versionEndExcluding: "1.8.26", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en MyBB versiones anteriores a 1.8.26 mediante User Groups. (número 3 de 3)", }, ], id: "CVE-2021-27948", lastModified: "2024-11-21T05:58:53.690", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-15T18:15:18.893", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-3p9w-2q65-r6g2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-3p9w-2q65-r6g2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-26 22:15
Modified
2024-11-21 06:26
Severity ?
Summary
MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mybb/mybb/security/advisories/ | Third Party Advisory | |
| cve@mitre.org | https://github.com/mybb/mybb/security/advisories/GHSA-gxhv-r3m5-6qv7 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/GHSA-gxhv-r3m5-6qv7 | Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "69AA234A-F7F0-43AD-854E-1C65C38D480C", versionEndExcluding: "1.8.28", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.", }, { lang: "es", value: "MyBB versiones anteriores a 1.8.28, permite un ataque de tipo XSS almacenado porque el valor del Nombre de la Plantilla que se muestra en la administración de temas del CP de Administración no escapa apropiadamente", }, ], id: "CVE-2021-41866", lastModified: "2024-11-21T06:26:55.367", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-26T22:15:08.207", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-gxhv-r3m5-6qv7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-gxhv-r3m5-6qv7", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 02:39
Severity ?
Summary
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94397 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94397 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", matchCriteriaId: "22907EC0-5A2D-4DCF-B887-8FA311B3D4E2", versionEndIncluding: "1.8.5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2FF6F484-A280-45A6-BB5E-B923339B7109", versionEndIncluding: "1.6.17", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "E697D13C-5594-491B-B911-3B4BEA00AFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "00724054-858F-4322-8BE5-F6929CC2CAD8", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "95998F68-1F16-4FEA-BDE3-957235D04881", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "927F9547-773B-4F2C-8870-AA3672EEC7CA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "6817FA9E-51B7-4ADE-86E2-E9F559A585EC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "667EFFF1-E5C1-4124-BD0B-D4244FAECE15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.", }, { lang: "es", value: "xmlhttp.php en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.6.18 y 1.8.x en versiones anteriores a 1.8.6 y MyBB Merge System en versiones anteriores a 1.8.6 permite a atacantes remotos eludir las restricciones de acceso previstas a través de vectores relacionados con la contraseña del foro.", }, ], id: "CVE-2015-8973", lastModified: "2024-11-21T02:39:34.800", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:00.140", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94397", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94397", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-30 22:55
Modified
2024-11-21 01:33
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mybb | mybb | * | |
| mybb | mybb | 1.1.0 | |
| mybb | mybb | 1.1.1 | |
| mybb | mybb | 1.1.2 | |
| mybb | mybb | 1.1.3 | |
| mybb | mybb | 1.1.4 | |
| mybb | mybb | 1.1.5 | |
| mybb | mybb | 1.1.6 | |
| mybb | mybb | 1.1.7 | |
| mybb | mybb | 1.1.8 | |
| mybb | mybb | 1.2 | |
| mybb | mybb | 1.2.0 | |
| mybb | mybb | 1.2.1 | |
| mybb | mybb | 1.2.2 | |
| mybb | mybb | 1.2.3 | |
| mybb | mybb | 1.2.4 | |
| mybb | mybb | 1.2.5 | |
| mybb | mybb | 1.2.6 | |
| mybb | mybb | 1.2.7 | |
| mybb | mybb | 1.2.8 | |
| mybb | mybb | 1.2.9 | |
| mybb | mybb | 1.2.10 | |
| mybb | mybb | 1.2.11 | |
| mybb | mybb | 1.2.12 | |
| mybb | mybb | 1.2.13 | |
| mybb | mybb | 1.2.14 | |
| mybb | mybb | 1.3 | |
| mybb | mybb | 1.4.0 | |
| mybb | mybb | 1.4.1 | |
| mybb | mybb | 1.4.2 | |
| mybb | mybb | 1.4.3 | |
| mybb | mybb | 1.4.4 | |
| mybb | mybb | 1.4.5 | |
| mybb | mybb | 1.4.6 | |
| mybb | mybb | 1.4.7 | |
| mybb | mybb | 1.4.8 | |
| mybb | mybb | 1.4.9 | |
| mybb | mybb | 1.4.10 | |
| mybb | mybb | 1.4.11 | |
| mybb | mybb | 1.4.12 | |
| mybb | mybb | 1.4.13 | |
| mybb | mybb | 1.4.14 | |
| mybb | mybb | 1.4.15 | |
| mybb | mybb | 1.4.16 | |
| mybb | mybb | 1.5.1 | |
| mybb | mybb | 1.5.2 | |
| mybb | mybb | 1.6.0 | |
| mybb | mybb | 1.6.1 | |
| mybb | mybb | 1.6.2 | |
| mybb | mybb | 1.6.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "6EF48E06-2401-400C-B4DB-F26505D0638C", versionEndIncluding: "1.6.4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CF143B59-5C78-4BF6-9368-5BCF427B4753", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B16F6F07-F5A9-47BF-88ED-25F068B68CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A8A46A48-1361-4DD3-B97D-4C4FC776D68A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "337D89AE-1B7A-4101-B1F7-DFEDF2369385", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BE08AF25-EDB1-4DA1-B431-F0692858AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "BF24E7BA-3144-4DBA-9613-A44FBE0822F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "029430A5-85BD-4258-B58D-F3DCBC625E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "4183DB7F-FAB3-4D90-AD87-31CA4150CFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "3E2B90B8-DC02-4C79-BD69-DEF79945C418", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*", matchCriteriaId: "4E080342-93CD-4E74-AE60-5858738CE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B48D2EDF-86C2-475C-9476-E5A2D586CA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B6725373-C229-4B57-BB1E-AF178E19DEB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "36E4C84A-21D5-4C9A-85F8-45C9657CE6F5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C7E55085-E3E3-4BB8-A680-19A28D7E88F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "AB01A9AA-AE70-46DF-815A-05D1101EE706", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "AA00D38E-AAF6-4F66-9203-5C074FC61F30", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "137A8CED-BE82-462F-B83C-15F535961E74", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D179FDB6-9B1D-438C-B512-9A5C4F869A4C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B3E72A13-6B4A-4C7F-B8D9-A2D35E074B67", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3A2D344F-4671-4194-A553-A5773B5DF3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "245760C8-DC10-47F1-843A-461AE2F3DF61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "A055E6BF-3CAC-4C74-8E37-A89E3E0F8559", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "1121A071-3709-4B2B-ADF4-EDC560F73E0A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "71FD2842-7E00-440F-8A93-9D3F45A004DB", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.3:pre-1.0:*:*:*:*:*:*", matchCriteriaId: "16C45BFE-A083-4DC8-A2E5-9BCE543F5AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FC8864E-161F-408E-93D6-693A9238C494", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "4C5965DE-D9B6-4074-B14B-ABCAAAAB872B", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9503D6C2-DCBC-4720-BE29-34913950407E", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "0F6FC2B1-45DF-439E-8BAE-A15A08E7D9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "853E94FE-A56F-44B0-87FE-DE5927B7A547", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "49C7F758-9E38-4870-85C3-11E350F96641", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "B46B7E13-51F8-4950-BBB4-A03B8E5B4750", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "58C9C804-6901-412C-B178-183417BD5C04", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A00F1254-67DE-436D-AB83-1C55639BDBD2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "AC2FDC2B-2CB4-433F-9290-3A6BE0A929B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1FF9452B-CF4B-45F0-8487-23D9CCBB1A4A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "2021275B-D61A-4309-8876-5354E115CB29", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "7925DEA1-8062-45C9-94E7-19D8FACEAFCD", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "D35E537F-0F49-40AB-9E97-7898D91353D1", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "BCDC1181-A2B7-4D1B-B2BF-DAC9E58E88C3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "57C37D10-B945-4674-A846-BCEC573FF93C", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "4FD245B9-1381-4A1B-AF47-F28349FA6F52", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "2AFD7848-56E4-4608-82E7-CFF46A8809AC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "CC489F94-3545-4E1A-AE9E-B88EB1A7D516", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B50C36-C3D7-48FD-805B-4A94E727C93F", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FBEB75D4-FAA4-4A5B-AA0A-57EE8EE88E61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "00E51ABC-9F77-4028-BE47-D5BFD4FEC749", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "E0BD20D9-0DFC-451F-9C71-38C6D0236CF2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter.", }, { lang: "es", value: "Vulnerabilidad de solicitudes falsificadas en sitios cruzados (CSRF) en global.php en MyBB anterior a v1.6.5 permite a atacantes remotos secuestrar la autenticación de un usuario para solicitar un cambio de lenguaje del usuario a través del parámetro de lenguaje.", }, ], id: "CVE-2011-5131", lastModified: "2024-11-21T01:33:42.770", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-08-30T22:55:04.137", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", }, { source: "cve@mitre.org", url: "http://dev.mybb.com/issues/1729", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46951", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/77327", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/50816", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71462", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://dev.mybb.com/issues/1729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46951", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/77327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/50816", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71462", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2024-11-21 02:39
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94397 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94397 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:merge_system:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "84DB6EE0-4972-434D-9C89-7BD9EB4896B7", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "2FF6F484-A280-45A6-BB5E-B923339B7109", versionEndIncluding: "1.6.17", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "E697D13C-5594-491B-B911-3B4BEA00AFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "00724054-858F-4322-8BE5-F6929CC2CAD8", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "95998F68-1F16-4FEA-BDE3-957235D04881", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "927F9547-773B-4F2C-8870-AA3672EEC7CA", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "6817FA9E-51B7-4ADE-86E2-E9F559A585EC", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "667EFFF1-E5C1-4124-BD0B-D4244FAECE15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de XSS en el manejador de errores en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.6.18 y 1.8.x en versiones anteriores a 1.8.6 y MyBB Merge System en versiones anteriores a 1.8.6 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2015-8975", lastModified: "2024-11-21T02:39:35.127", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-31T22:59:00.237", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94397", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94397", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-22 00:15
Modified
2024-11-21 07:27
Severity ?
Summary
MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mybb/mybb/security/advisories/GHSA-6vpw-m83q-27px | Patch, Third Party Advisory | |
| cve@mitre.org | https://mybb.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mybb/mybb/security/advisories/GHSA-6vpw-m83q-27px | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mybb.com | Product |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "81E81B96-4E85-4D0F-BEB7-D2A8E71DDD02", versionEndExcluding: "1.8.32", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data", }, { lang: "es", value: "MyBB 1.8.31 tiene una vulnerabilidad de Cross-Site Scripting (XSS) en el editor visual MyCode (SCEditor) que permite a atacantes remotos inyectar HTML a través de la entrada del usuario o datos almacenados.", }, ], id: "CVE-2022-43707", lastModified: "2024-11-21T07:27:05.920", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-22T00:15:10.023", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-6vpw-m83q-27px", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://mybb.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-6vpw-m83q-27px", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://mybb.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-08-14 18:47
Modified
2024-11-21 02:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", matchCriteriaId: "64B78C22-D24E-4B6E-9DE8-2F4E0DF876A9", versionEndIncluding: "1.6.14", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B50C36-C3D7-48FD-805B-4A94E727C93F", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FBEB75D4-FAA4-4A5B-AA0A-57EE8EE88E61", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "00E51ABC-9F77-4028-BE47-D5BFD4FEC749", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "E0BD20D9-0DFC-451F-9C71-38C6D0236CF2", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.4:*:*:*:*:*:*:*", matchCriteriaId: "FDFE35CB-05CC-4E6F-B188-1141773E7F10", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.5:*:*:*:*:*:*:*", matchCriteriaId: "22A90F66-DAE9-45FC-B255-390D569CCC56", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.6:*:*:*:*:*:*:*", matchCriteriaId: "E1A3FDDB-9488-405B-A2A0-500CF49061BE", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.7:*:*:*:*:*:*:*", matchCriteriaId: "04264BC5-425C-47D4-9EE0-35BF11B904F9", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.8:*:*:*:*:*:*:*", matchCriteriaId: "5E42628F-7E7F-4E3A-BB8E-699166CB86B3", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.9:*:*:*:*:*:*:*", matchCriteriaId: "A02FA2FA-E035-40CD-9C0F-A143A931D40D", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.10:*:*:*:*:*:*:*", matchCriteriaId: "F52B8848-9103-4A78-A45B-6BE73855647A", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.11:*:*:*:*:*:*:*", matchCriteriaId: "C7170B92-1D43-49CA-BC79-469F0C8965D6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.12:*:*:*:*:*:*:*", matchCriteriaId: "0B8D20CC-DBF2-490F-ACF7-06805BA13FF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mybb:mybb:1.6.13:*:*:*:*:*:*:*", matchCriteriaId: "C697DCFB-B3ED-407E-8926-5ABA9DB372FF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode.", }, { lang: "es", value: "Vulnerabilidad de XSS en MyBB anterior a 1.6.15 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a traves de vectores relacionados con video MyCode.", }, ], id: "CVE-2014-5248", lastModified: "2024-11-21T02:11:41.567", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2014-08-14T18:47:06.817", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/59707", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/59707", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2008-4929
Vulnerability from cvelistv5
Published
2008-11-04 20:00
Modified
2025-01-17 15:22
Severity ?
EPSS score ?
Summary
MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/31936 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2008/2967 | vdb-entry, x_refsource_VUPEN | |
| http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html | mailing-list, x_refsource_FULLDISC | |
| http://www.openwall.com/lists/oss-security/2008/11/01/2 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T10:31:28.329Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "31936", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/31936", }, { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", }, { name: "ADV-2008-2967", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2967", }, { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html", }, { name: "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/11/01/2", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2008-4929", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-14T18:30:55.573662Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-17T15:22:15.716Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-10-27T00:00:00", descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2008-11-15T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "31936", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/31936", }, { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", }, { name: "ADV-2008-2967", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2967", }, { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html", }, { name: "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/11/01/2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-4929", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "31936", refsource: "BID", url: "http://www.securityfocus.com/bid/31936", }, { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", }, { name: "ADV-2008-2967", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2967", }, { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", refsource: "FULLDISC", url: "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html", }, { name: "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/11/01/2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-4929", datePublished: "2008-11-04T20:00:00", dateReserved: "2008-11-04T00:00:00", dateUpdated: "2025-01-17T15:22:15.716Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3071
Vulnerability from cvelistv5
Published
2008-07-08 18:00
Modified
2024-08-07 09:21
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable.
References
| ▼ | URL | Tags |
|---|---|---|
| http://community.mybboard.net/attachment.php?aid=9272 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/31013 | third-party-advisory, x_refsource_SECUNIA | |
| http://community.mybboard.net/showthread.php?tid=31666 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:21:35.154Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/attachment.php?aid=9272", }, { name: "31013", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31013", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/showthread.php?tid=31666", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-05-21T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-11-27T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/attachment.php?aid=9272", }, { name: "31013", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31013", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/showthread.php?tid=31666", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3071", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://community.mybboard.net/attachment.php?aid=9272", refsource: "CONFIRM", url: "http://community.mybboard.net/attachment.php?aid=9272", }, { name: "31013", refsource: "SECUNIA", url: "http://secunia.com/advisories/31013", }, { name: "http://community.mybboard.net/showthread.php?tid=31666", refsource: "CONFIRM", url: "http://community.mybboard.net/showthread.php?tid=31666", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3071", datePublished: "2008-07-08T18:00:00", dateReserved: "2008-07-08T00:00:00", dateUpdated: "2024-08-07T09:21:35.154Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-2326
Vulnerability from cvelistv5
Published
2012-08-13 18:00
Modified
2024-09-16 16:37
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/53417 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2012/05/07/13 | mailing-list, x_refsource_MLIST | |
| http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/05/07/14 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:34:23.580Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "53417", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/53417", }, { name: "[oss-security] 20120507 CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { name: "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-08-13T18:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "53417", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/53417", }, { name: "[oss-security] 20120507 CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { name: "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-2326", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "53417", refsource: "BID", url: "http://www.securityfocus.com/bid/53417", }, { name: "[oss-security] 20120507 CVE request: mybb before 1.6.7", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { name: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", refsource: "CONFIRM", url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { name: "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-2326", datePublished: "2012-08-13T18:00:00Z", dateReserved: "2012-04-19T00:00:00Z", dateUpdated: "2024-09-16T16:37:30.858Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-5908
Vulnerability from cvelistv5
Published
2012-11-17 21:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74397 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/80633 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/52743 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:21:28.081Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "mybb-index-conditionsusergroup-xss(74397)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74397", }, { name: "80633", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/80633", }, { name: "52743", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/52743", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-03-27T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "mybb-index-conditionsusergroup-xss(74397)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74397", }, { name: "80633", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/80633", }, { name: "52743", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/52743", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-5908", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "mybb-index-conditionsusergroup-xss(74397)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74397", }, { name: "80633", refsource: "OSVDB", url: "http://osvdb.org/80633", }, { name: "52743", refsource: "BID", url: "http://www.securityfocus.com/bid/52743", }, { name: "http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-5908", datePublished: "2012-11-17T21:00:00", dateReserved: "2012-11-17T00:00:00", dateUpdated: "2024-08-06T21:21:28.081Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-3578
Vulnerability from cvelistv5
Published
2019-06-06 18:13
Modified
2024-08-04 19:12
Severity ?
EPSS score ?
Summary
MyBB 1.8.19 has XSS in the resetpassword function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/ | x_refsource_CONFIRM | |
| https://blog.mybb.com/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:12:09.635Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.mybb.com/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB 1.8.19 has XSS in the resetpassword function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-06T18:13:52", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.mybb.com/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-3578", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB 1.8.19 has XSS in the resetpassword function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", }, { name: "https://blog.mybb.com/", refsource: "MISC", url: "https://blog.mybb.com/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-3578", datePublished: "2019-06-06T18:13:52", dateReserved: "2019-01-02T00:00:00", dateUpdated: "2024-08-04T19:12:09.635Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3069
Vulnerability from cvelistv5
Published
2008-07-08 18:00
Modified
2024-08-07 09:21
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://community.mybboard.net/attachment.php?aid=9272 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/31013 | third-party-advisory, x_refsource_SECUNIA | |
| http://community.mybboard.net/showthread.php?tid=31666 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:21:34.953Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/attachment.php?aid=9272", }, { name: "31013", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31013", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/showthread.php?tid=31666", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-05-21T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-11-27T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/attachment.php?aid=9272", }, { name: "31013", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31013", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/showthread.php?tid=31666", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3069", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://community.mybboard.net/attachment.php?aid=9272", refsource: "CONFIRM", url: "http://community.mybboard.net/attachment.php?aid=9272", }, { name: "31013", refsource: "SECUNIA", url: "http://secunia.com/advisories/31013", }, { name: "http://community.mybboard.net/showthread.php?tid=31666", refsource: "CONFIRM", url: "http://community.mybboard.net/showthread.php?tid=31666", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3069", datePublished: "2008-07-08T18:00:00", dateReserved: "2008-07-08T00:00:00", dateUpdated: "2024-08-07T09:21:34.953Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8975
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 08:36
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94397 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:36:30.559Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { name: "94397", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94397", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-09-07T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { name: "94397", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94397", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8975", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { name: "94397", refsource: "BID", url: "http://www.securityfocus.com/bid/94397", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-8975", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T08:36:30.559Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-22612
Vulnerability from cvelistv5
Published
2023-09-01 00:00
Modified
2024-10-01 16:51
Severity ?
EPSS score ?
Summary
Installer RCE on settings file write in MyBB before 1.8.22.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mybb.com/versions/1.8.22/ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:51:10.826Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://mybb.com/versions/1.8.22/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-22612", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T16:51:14.227414Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-01T16:51:57.449Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Installer RCE on settings file write in MyBB before 1.8.22.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-01T15:04:10.910557", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://mybb.com/versions/1.8.22/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-22612", datePublished: "2023-09-01T00:00:00", dateReserved: "2020-08-13T00:00:00", dateUpdated: "2024-10-01T16:51:57.449Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-0218
Vulnerability from cvelistv5
Published
2006-01-16 21:00
Modified
2024-09-17 02:37
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603.
References
| ▼ | URL | Tags |
|---|---|---|
| http://community.mybboard.net/showthread.php?tid=5852 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T16:25:34.062Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/showthread.php?tid=5852", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2006-01-16T21:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/showthread.php?tid=5852", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-0218", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://community.mybboard.net/showthread.php?tid=5852", refsource: "CONFIRM", url: "http://community.mybboard.net/showthread.php?tid=5852", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-0218", datePublished: "2006-01-16T21:00:00Z", dateReserved: "2006-01-16T00:00:00Z", dateUpdated: "2024-09-17T02:37:44.003Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3827
Vulnerability from cvelistv5
Published
2020-02-11 18:23
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/ | x_refsource_CONFIRM | |
| https://adamziaja.com/poc/201312-xss-mybb.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:57:17.354Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://adamziaja.com/poc/201312-xss-mybb.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-12-15T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-11T18:42:26", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { tags: [ "x_refsource_MISC", ], url: "https://adamziaja.com/poc/201312-xss-mybb.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-3827", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", refsource: "CONFIRM", url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "https://adamziaja.com/poc/201312-xss-mybb.html", refsource: "MISC", url: "https://adamziaja.com/poc/201312-xss-mybb.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-3827", datePublished: "2020-02-11T18:23:37", dateReserved: "2014-05-22T00:00:00", dateUpdated: "2024-08-06T10:57:17.354Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-1964
Vulnerability from cvelistv5
Published
2007-04-11 10:00
Modified
2024-08-07 13:13
Severity ?
EPSS score ?
Summary
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/464267/100/100/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33345 | vdb-entry, x_refsource_XF | |
| http://securityreason.com/securityalert/2544 | third-party-advisory, x_refsource_SREASON |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T13:13:42.011Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20070330 Mybb Change Password Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/464267/100/100/threaded", }, { name: "mybb-debugmode-information-disclosure(33345)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345", }, { name: "2544", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/2544", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-03-30T00:00:00", descriptions: [ { lang: "en", value: "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20070330 Mybb Change Password Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/464267/100/100/threaded", }, { name: "mybb-debugmode-information-disclosure(33345)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345", }, { name: "2544", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/2544", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-1964", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20070330 Mybb Change Password Vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/464267/100/100/threaded", }, { name: "mybb-debugmode-information-disclosure(33345)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345", }, { name: "2544", refsource: "SREASON", url: "http://securityreason.com/securityalert/2544", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-1964", datePublished: "2007-04-11T10:00:00", dateReserved: "2007-04-10T00:00:00", dateUpdated: "2024-08-07T13:13:42.011Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-16780
Vulnerability from cvelistv5
Published
2017-11-10 23:00
Modified
2024-08-05 20:35
Severity ?
EPSS score ?
Summary
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/ | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/43136/ | exploit, x_refsource_EXPLOIT-DB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:35:20.955Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/", }, { name: "43136", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/43136/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-11-10T00:00:00", descriptions: [ { lang: "en", value: "The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-11-20T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/", }, { name: "43136", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/43136/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-16780", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/", }, { name: "43136", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/43136/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-16780", datePublished: "2017-11-10T23:00:00", dateReserved: "2017-11-10T00:00:00", dateUpdated: "2024-08-05T20:35:20.955Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-15596
Vulnerability from cvelistv5
Published
2018-08-28 19:00
Modified
2024-08-05 10:01
Severity ?
EPSS score ?
Summary
An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/45393/ | exploit, x_refsource_EXPLOIT-DB | |
| https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:01:53.370Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "45393", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/45393/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-08-22T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-09-14T09:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "45393", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/45393/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-15596", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "45393", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/45393/", }, { name: "https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-15596", datePublished: "2018-08-28T19:00:00", dateReserved: "2018-08-20T00:00:00", dateUpdated: "2024-08-05T10:01:53.370Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-4624
Vulnerability from cvelistv5
Published
2010-12-30 20:00
Modified
2024-08-07 03:51
Severity ?
EPSS score ?
Summary
MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/ | x_refsource_CONFIRM | |
| http://dev.mybboard.net/issues/728 | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2010/10/08/7 | mailing-list, x_refsource_MLIST | |
| http://openwall.com/lists/oss-security/2010/10/11/8 | mailing-list, x_refsource_MLIST | |
| http://openwall.com/lists/oss-security/2010/12/06/2 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64518 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:51:17.658Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://dev.mybboard.net/issues/728", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { name: "mybb-mycodes-security-bypass(64518)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64518", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-04-13T00:00:00", descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://dev.mybboard.net/issues/728", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { name: "mybb-mycodes-security-bypass(64518)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64518", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-4624", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", refsource: "CONFIRM", url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { name: "http://dev.mybboard.net/issues/728", refsource: "CONFIRM", url: "http://dev.mybboard.net/issues/728", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { name: "mybb-mycodes-security-bypass(64518)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64518", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-4624", datePublished: "2010-12-30T20:00:00", dateReserved: "2010-12-30T00:00:00", dateUpdated: "2024-08-07T03:51:17.658Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9413
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94395 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:37.728Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-11T00:00:00", descriptions: [ { lang: "en", value: "The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9413", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "94395", refsource: "BID", url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9413", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:37.728Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-7275
Vulnerability from cvelistv5
Published
2014-01-08 15:00
Modified
2024-09-16 19:45
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8 | x_refsource_CONFIRM | |
| http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release | x_refsource_CONFIRM | |
| http://secunia.com/advisories/55945 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/64570 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/101545 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:01:20.338Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release", }, { name: "55945", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/55945", }, { name: "64570", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/64570", }, { name: "101545", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/101545", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-01-08T15:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release", }, { name: "55945", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/55945", }, { name: "64570", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/64570", }, { name: "101545", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/101545", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-7275", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8", refsource: "CONFIRM", url: "https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8", }, { name: "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release", refsource: "CONFIRM", url: "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release", }, { name: "55945", refsource: "SECUNIA", url: "http://secunia.com/advisories/55945", }, { name: "64570", refsource: "BID", url: "http://www.securityfocus.com/bid/64570", }, { name: "101545", refsource: "OSVDB", url: "http://osvdb.org/101545", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-7275", datePublished: "2014-01-08T15:00:00Z", dateReserved: "2014-01-08T00:00:00Z", dateUpdated: "2024-09-16T19:45:42.403Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9405
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94395 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:37.882Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-11T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9405", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "94395", refsource: "BID", url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9405", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:37.882Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-0383
Vulnerability from cvelistv5
Published
2008-01-22 19:00
Modified
2024-08-07 07:46
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/27323 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39728 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/28509 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39729 | vdb-entry, x_refsource_XF | |
| http://www.waraxe.us/advisory-62.html | x_refsource_MISC | |
| http://securityreason.com/securityalert/3558 | third-party-advisory, x_refsource_SREASON | |
| http://community.mybboard.net/showthread.php?tid=27227 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/486433/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T07:46:54.256Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "27323", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/27323", }, { name: "mybb-moderationphp-sql-injection(39728)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39728", }, { name: "28509", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/28509", }, { name: "mybb-usergroups-sql-injection(39729)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39729", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.waraxe.us/advisory-62.html", }, { name: "3558", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/3558", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/showthread.php?tid=27227", }, { name: "20080116 [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/486433/100/0/threaded", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-01-16T00:00:00", descriptions: [ { lang: "en", value: "Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-15T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "27323", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/27323", }, { name: "mybb-moderationphp-sql-injection(39728)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39728", }, { name: "28509", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/28509", }, { name: "mybb-usergroups-sql-injection(39729)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39729", }, { tags: [ "x_refsource_MISC", ], url: "http://www.waraxe.us/advisory-62.html", }, { name: "3558", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/3558", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/showthread.php?tid=27227", }, { name: "20080116 [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/486433/100/0/threaded", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-0383", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "27323", refsource: "BID", url: "http://www.securityfocus.com/bid/27323", }, { name: "mybb-moderationphp-sql-injection(39728)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39728", }, { name: "28509", refsource: "SECUNIA", url: "http://secunia.com/advisories/28509", }, { name: "mybb-usergroups-sql-injection(39729)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39729", }, { name: "http://www.waraxe.us/advisory-62.html", refsource: "MISC", url: "http://www.waraxe.us/advisory-62.html", }, { name: "3558", refsource: "SREASON", url: "http://securityreason.com/securityalert/3558", }, { name: "http://community.mybboard.net/showthread.php?tid=27227", refsource: "CONFIRM", url: "http://community.mybboard.net/showthread.php?tid=27227", }, { name: "20080116 [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/486433/100/0/threaded", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-0383", datePublished: "2008-01-22T19:00:00", dateReserved: "2008-01-22T00:00:00", dateUpdated: "2024-08-07T07:46:54.256Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9408
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving editing users.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94395 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:37.699Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-11T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving editing users.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9408", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving editing users.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "94395", refsource: "BID", url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9408", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:37.699Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9414
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94395 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:37.918Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-11T00:00:00", descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9414", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "94395", refsource: "BID", url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9414", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:37.918Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10678
Vulnerability from cvelistv5
Published
2018-05-13 20:00
Modified
2024-08-05 07:46
Severity ?
EPSS score ?
Summary
MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104187 | vdb-entry, x_refsource_BID | |
| https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:46:46.382Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "104187", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104187", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-05-13T00:00:00", descriptions: [ { lang: "en", value: "MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target=\"_blank\" rel=\"noopener\"' in A elements, which makes it easier for remote attackers to conduct redirection attacks.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-17T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "104187", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104187", }, { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-10678", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target=\"_blank\" rel=\"noopener\"' in A elements, which makes it easier for remote attackers to conduct redirection attacks.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "104187", refsource: "BID", url: "http://www.securityfocus.com/bid/104187", }, { name: "https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc", refsource: "MISC", url: "https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-10678", datePublished: "2018-05-13T20:00:00", dateReserved: "2018-05-02T00:00:00", dateUpdated: "2024-08-05T07:46:46.382Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-1963
Vulnerability from cvelistv5
Published
2007-04-11 10:00
Modified
2024-08-07 13:13
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
References
| ▼ | URL | Tags |
|---|---|---|
| http://community.mybboard.net/showthread.php?tid=18002 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/24689 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2007/1244 | vdb-entry, x_refsource_VUPEN | |
| https://www.exploit-db.com/exploits/3653 | exploit, x_refsource_EXPLOIT-DB | |
| http://osvdb.org/34657 | vdb-entry, x_refsource_OSVDB | |
| http://community.mybboard.net/attachment.php?aid=5842 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/464563/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T13:13:42.000Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/showthread.php?tid=18002", }, { name: "24689", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24689", }, { name: "ADV-2007-1244", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1244", }, { name: "3653", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/3653", }, { name: "34657", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/34657", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/attachment.php?aid=5842", }, { name: "20070403 MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/464563/100/0/threaded", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-04-03T00:00:00", descriptions: [ { lang: "en", value: "SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/showthread.php?tid=18002", }, { name: "24689", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24689", }, { name: "ADV-2007-1244", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1244", }, { name: "3653", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/3653", }, { name: "34657", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/34657", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/attachment.php?aid=5842", }, { name: "20070403 MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/464563/100/0/threaded", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-1963", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://community.mybboard.net/showthread.php?tid=18002", refsource: "CONFIRM", url: "http://community.mybboard.net/showthread.php?tid=18002", }, { name: "24689", refsource: "SECUNIA", url: "http://secunia.com/advisories/24689", }, { name: "ADV-2007-1244", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/1244", }, { name: "3653", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/3653", }, { name: "34657", refsource: "OSVDB", url: "http://osvdb.org/34657", }, { name: "http://community.mybboard.net/attachment.php?aid=5842", refsource: "CONFIRM", url: "http://community.mybboard.net/attachment.php?aid=5842", }, { name: "20070403 MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/464563/100/0/threaded", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-1963", datePublished: "2007-04-11T10:00:00", dateReserved: "2007-04-10T00:00:00", dateUpdated: "2024-08-07T13:13:42.000Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-39265
Vulnerability from cvelistv5
Published
2022-10-06 00:00
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
MyBB is a free and open source forum software. The _Mail Settings_ → Additional Parameters for PHP's mail() function mail_parameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requires Admin CP access with the `_Can manage settings?_` permission and may depend on configured file permissions. MyBB 1.8.31 resolves this issue with the commit `0cd318136a`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:00:43.494Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-hxhm-rq9f-7xj7", }, { tags: [ "x_transferred", ], url: "https://github.com/mybb/mybb/commit/0cd318136a10b029bb5c8a8f6dddf39d87519797", }, { tags: [ "x_transferred", ], url: "https://github.com/mybb/mybb/blob/mybb_1830/install/resources/settings.xml#L2331-L2338", }, { tags: [ "x_transferred", ], url: "https://mybb.com/versions/1.8.31/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "mybb", vendor: "mybb", versions: [ { status: "affected", version: "< 1.8.31", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB is a free and open source forum software. The _Mail Settings_ → Additional Parameters for PHP's mail() function mail_parameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requires Admin CP access with the `_Can manage settings?_` permission and may depend on configured file permissions. MyBB 1.8.31 resolves this issue with the commit `0cd318136a`. Users are advised to upgrade. There are no known workarounds for this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-74", description: "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-11T00:00:00", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/mybb/mybb/security/advisories/GHSA-hxhm-rq9f-7xj7", }, { url: "https://github.com/mybb/mybb/commit/0cd318136a10b029bb5c8a8f6dddf39d87519797", }, { url: "https://github.com/mybb/mybb/blob/mybb_1830/install/resources/settings.xml#L2331-L2338", }, { url: "https://mybb.com/versions/1.8.31/", }, ], source: { advisory: "GHSA-hxhm-rq9f-7xj7", discovery: "UNKNOWN", }, title: "Mail settings' command parameter injection in mybb", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-39265", datePublished: "2022-10-06T00:00:00", dateReserved: "2022-09-02T00:00:00", dateUpdated: "2024-08-03T12:00:43.494Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-4628
Vulnerability from cvelistv5
Published
2010-12-30 20:00
Modified
2024-08-07 03:51
Severity ?
EPSS score ?
Summary
member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/ | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2010/10/08/7 | mailing-list, x_refsource_MLIST | |
| http://openwall.com/lists/oss-security/2010/10/11/8 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64514 | vdb-entry, x_refsource_XF | |
| http://openwall.com/lists/oss-security/2010/12/06/2 | mailing-list, x_refsource_MLIST | |
| http://dev.mybboard.net/issues/662 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:51:17.919Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { name: "mybb-sqlcount-dos(64514)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64514", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://dev.mybboard.net/issues/662", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-04-13T00:00:00", descriptions: [ { lang: "en", value: "member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { name: "mybb-sqlcount-dos(64514)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64514", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://dev.mybboard.net/issues/662", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-4628", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", refsource: "CONFIRM", url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { name: "mybb-sqlcount-dos(64514)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64514", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { name: "http://dev.mybboard.net/issues/662", refsource: "CONFIRM", url: "http://dev.mybboard.net/issues/662", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-4628", datePublished: "2010-12-30T20:00:00", dateReserved: "2010-12-30T00:00:00", dateUpdated: "2024-08-07T03:51:17.919Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9415
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import."
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/94396 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:38.036Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94396", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-17T00:00:00", descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to \"style import.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94396", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9415", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to \"style import.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", refsource: "BID", url: "http://www.securityfocus.com/bid/94396", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9415", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:38.036Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-0622
Vulnerability from cvelistv5
Published
2007-01-31 18:00
Modified
2024-08-07 12:26
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/23934 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/32968 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:26:54.431Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "23934", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23934", }, { name: "32968", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/32968", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-01-25T00:00:00", descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2008-11-15T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "23934", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23934", }, { name: "32968", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/32968", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-0622", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "23934", refsource: "SECUNIA", url: "http://secunia.com/advisories/23934", }, { name: "32968", refsource: "OSVDB", url: "http://osvdb.org/32968", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-0622", datePublished: "2007-01-31T18:00:00", dateReserved: "2007-01-31T00:00:00", dateUpdated: "2024-08-07T12:26:54.431Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41362
Vulnerability from cvelistv5
Published
2023-08-29 00:00
Modified
2024-10-01 20:41
Severity ?
EPSS score ?
Summary
MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:01:35.079Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://mybb.com/versions/1.8.36/", }, { tags: [ "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-pr74-wvp3-q6f5", }, { tags: [ "x_transferred", ], url: "https://github.com/mybb/mybb/commit/a43a6f22944e769a6eabc58c39e7bc18c1cab4ca.patch", }, { tags: [ "x_transferred", ], url: "https://blog.sorcery.ie/posts/mybb_acp_rce/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-41362", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T20:41:18.158347Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-01T20:41:29.859Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T14:36:20.658652", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://mybb.com/versions/1.8.36/", }, { url: "https://github.com/mybb/mybb/security/advisories/GHSA-pr74-wvp3-q6f5", }, { url: "https://github.com/mybb/mybb/commit/a43a6f22944e769a6eabc58c39e7bc18c1cab4ca.patch", }, { url: "https://blog.sorcery.ie/posts/mybb_acp_rce/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-41362", datePublished: "2023-08-29T00:00:00", dateReserved: "2023-08-29T00:00:00", dateUpdated: "2024-10-01T20:41:29.859Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9411
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94395 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:37.816Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-11T00:00:00", descriptions: [ { lang: "en", value: "The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9411", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "94395", refsource: "BID", url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9411", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:37.816Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-0689
Vulnerability from cvelistv5
Published
2007-05-14 21:00
Modified
2024-08-07 12:26
Severity ?
EPSS score ?
Summary
MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/34155 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/468549/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34336 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/35549 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/35548 | vdb-entry, x_refsource_OSVDB | |
| http://marc.info/?l=full-disclosure&m=117909973216181&w=2 | mailing-list, x_refsource_FULLDISC | |
| http://www.netvigilance.com/advisory0017 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:26:54.361Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "34155", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/34155", }, { name: "20070513 MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/468549/100/0/threaded", }, { name: "mybb-eventmembercaptcha-info-disclosure(34336)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34336", }, { name: "35549", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/35549", }, { name: "35548", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/35548", }, { name: "20070513 MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://marc.info/?l=full-disclosure&m=117909973216181&w=2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.netvigilance.com/advisory0017", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-05-13T00:00:00", descriptions: [ { lang: "en", value: "MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "34155", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/34155", }, { name: "20070513 MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/468549/100/0/threaded", }, { name: "mybb-eventmembercaptcha-info-disclosure(34336)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34336", }, { name: "35549", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/35549", }, { name: "35548", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/35548", }, { name: "20070513 MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://marc.info/?l=full-disclosure&m=117909973216181&w=2", }, { tags: [ "x_refsource_MISC", ], url: "http://www.netvigilance.com/advisory0017", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-0689", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "34155", refsource: "OSVDB", url: "http://www.osvdb.org/34155", }, { name: "20070513 MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/468549/100/0/threaded", }, { name: "mybb-eventmembercaptcha-info-disclosure(34336)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34336", }, { name: "35549", refsource: "OSVDB", url: "http://osvdb.org/35549", }, { name: "35548", refsource: "OSVDB", url: "http://osvdb.org/35548", }, { name: "20070513 MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities", refsource: "FULLDISC", url: "http://marc.info/?l=full-disclosure&m=117909973216181&w=2", }, { name: "http://www.netvigilance.com/advisory0017", refsource: "MISC", url: "http://www.netvigilance.com/advisory0017", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-0689", datePublished: "2007-05-14T21:00:00", dateReserved: "2007-02-03T00:00:00", dateUpdated: "2024-08-07T12:26:54.361Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-2335
Vulnerability from cvelistv5
Published
2015-03-18 14:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/73216 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1031953 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:10:16.275Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73216", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/73216", }, { name: "1031953", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1031953", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-15T00:00:00", descriptions: [ { lang: "en", value: "A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-30T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73216", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/73216", }, { name: "1031953", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1031953", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-2335", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", refsource: "CONFIRM", url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73216", refsource: "BID", url: "http://www.securityfocus.com/bid/73216", }, { name: "1031953", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1031953", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-2335", datePublished: "2015-03-18T14:00:00", dateReserved: "2015-03-18T00:00:00", dateUpdated: "2024-08-06T05:10:16.275Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-19202
Vulnerability from cvelistv5
Published
2019-04-11 20:00
Modified
2024-08-05 11:30
Severity ?
EPSS score ?
Summary
A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/ | x_refsource_CONFIRM | |
| https://mybb.com/versions/1.8.20/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:30:04.217Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://mybb.com/versions/1.8.20/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-27T00:00:00", descriptions: [ { lang: "en", value: "A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-11T20:00:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://mybb.com/versions/1.8.20/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-19202", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/", refsource: "CONFIRM", url: "https://blog.mybb.com/", }, { name: "https://mybb.com/versions/1.8.20/", refsource: "CONFIRM", url: "https://mybb.com/versions/1.8.20/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-19202", datePublished: "2019-04-11T20:00:10", dateReserved: "2018-11-12T00:00:00", dateUpdated: "2024-08-05T11:30:04.217Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8974
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 08:36
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94397 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:36:30.884Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { name: "94397", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94397", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-09-07T00:00:00", descriptions: [ { lang: "en", value: "SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { name: "94397", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94397", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8974", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { name: "94397", refsource: "BID", url: "http://www.securityfocus.com/bid/94397", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-8974", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T08:36:30.884Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-0442
Vulnerability from cvelistv5
Published
2006-01-26 22:00
Modified
2024-08-07 16:34
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219.
References
| ▼ | URL | Tags |
|---|---|---|
| http://kapda.ir/advisory-241.html | x_refsource_MISC | |
| http://secunia.com/advisories/18603 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/423128/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1015535 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/0316 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/16361 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T16:34:14.871Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://kapda.ir/advisory-241.html", }, { name: "18603", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/18603", }, { name: "20060124 [KAPDA::#25] - MyBB 1.x Cross_Site_Scripting", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/423128/100/0/threaded", }, { name: "1015535", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1015535", }, { name: "ADV-2006-0316", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/0316", }, { name: "16361", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/16361", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-01-21T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-19T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://kapda.ir/advisory-241.html", }, { name: "18603", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/18603", }, { name: "20060124 [KAPDA::#25] - MyBB 1.x Cross_Site_Scripting", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/423128/100/0/threaded", }, { name: "1015535", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1015535", }, { name: "ADV-2006-0316", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/0316", }, { name: "16361", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/16361", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-0442", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://kapda.ir/advisory-241.html", refsource: "MISC", url: "http://kapda.ir/advisory-241.html", }, { name: "18603", refsource: "SECUNIA", url: "http://secunia.com/advisories/18603", }, { name: "20060124 [KAPDA::#25] - MyBB 1.x Cross_Site_Scripting", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/423128/100/0/threaded", }, { name: "1015535", refsource: "SECTRACK", url: "http://securitytracker.com/id?1015535", }, { name: "ADV-2006-0316", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2006/0316", }, { name: "16361", refsource: "BID", url: "http://www.securityfocus.com/bid/16361", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-0442", datePublished: "2006-01-26T22:00:00", dateReserved: "2006-01-26T00:00:00", dateUpdated: "2024-08-07T16:34:14.871Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-4930
Vulnerability from cvelistv5
Published
2008-11-04 20:00
Modified
2024-09-16 23:10
Severity ?
EPSS score ?
Summary
MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html | mailing-list, x_refsource_FULLDISC | |
| http://www.openwall.com/lists/oss-security/2008/11/01/2 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T10:31:28.282Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", }, { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html", }, { name: "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/11/01/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka \"Incomplete protection against MIME-sniffing.\" NOTE: this could be leveraged for XSS and other attacks.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2008-11-04T20:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", }, { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html", }, { name: "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/11/01/2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-4930", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka \"Incomplete protection against MIME-sniffing.\" NOTE: this could be leveraged for XSS and other attacks.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", }, { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", refsource: "FULLDISC", url: "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html", }, { name: "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/11/01/2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-4930", datePublished: "2008-11-04T20:00:00Z", dateReserved: "2008-11-04T00:00:00Z", dateUpdated: "2024-09-16T23:10:27.783Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9403
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94395 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:37.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-11T00:00:00", descriptions: [ { lang: "en", value: "newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9403", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "94395", refsource: "BID", url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9403", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:37.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8977
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 08:36
Severity ?
EPSS score ?
Summary
MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94397 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:36:30.817Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { name: "94397", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94397", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-09-07T00:00:00", descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-02T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { name: "94397", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94397", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8977", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { name: "94397", refsource: "BID", url: "http://www.securityfocus.com/bid/94397", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-8977", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T08:36:30.817Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-5096
Vulnerability from cvelistv5
Published
2012-08-13 23:00
Modified
2024-09-17 04:10
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/70014 | vdb-entry, x_refsource_OSVDB | |
| http://dev.mybb.com/issues/1330 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2012/05/08/7 | mailing-list, x_refsource_MLIST | |
| http://www.osvdb.org/70013 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/45565 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2012/03/25/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/05/08/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/03/23/4 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2010-5096", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-08T15:52:23.724097Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:44:49.399Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "ADP Container", }, { providerMetadata: { dateUpdated: "2024-08-07T04:09:39.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "70014", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/70014", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://dev.mybb.com/issues/1330", }, { name: "[oss-security] 20120508 Re: CVE-request: MyBB before 1.6.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/05/08/7", }, { name: "70013", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/70013", }, { name: "45565", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/45565", }, { name: "[oss-security] 20120325 Re: CVE-request: MyBB 1.6 <= SQL Injection", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/03/25/1", }, { name: "[oss-security] 20120508 CVE-request: MyBB before 1.6.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/05/08/3", }, { name: "[oss-security] 20120323 CVE-request: MyBB 1.6 <= SQL Injection", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/03/23/4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying \"Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-08-13T23:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "70014", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/70014", }, { tags: [ "x_refsource_MISC", ], url: "http://dev.mybb.com/issues/1330", }, { name: "[oss-security] 20120508 Re: CVE-request: MyBB before 1.6.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/05/08/7", }, { name: "70013", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/70013", }, { name: "45565", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/45565", }, { name: "[oss-security] 20120325 Re: CVE-request: MyBB 1.6 <= SQL Injection", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/03/25/1", }, { name: "[oss-security] 20120508 CVE-request: MyBB before 1.6.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/05/08/3", }, { name: "[oss-security] 20120323 CVE-request: MyBB 1.6 <= SQL Injection", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/03/23/4", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2010-5096", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying \"Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "70014", refsource: "OSVDB", url: "http://www.osvdb.org/70014", }, { name: "http://dev.mybb.com/issues/1330", refsource: "MISC", url: "http://dev.mybb.com/issues/1330", }, { name: "[oss-security] 20120508 Re: CVE-request: MyBB before 1.6.1", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/05/08/7", }, { name: "70013", refsource: "OSVDB", url: "http://www.osvdb.org/70013", }, { name: "45565", refsource: "BID", url: "http://www.securityfocus.com/bid/45565", }, { name: "[oss-security] 20120325 Re: CVE-request: MyBB 1.6 <= SQL Injection", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/03/25/1", }, { name: "[oss-security] 20120508 CVE-request: MyBB before 1.6.1", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/05/08/3", }, { name: "[oss-security] 20120323 CVE-request: MyBB 1.6 <= SQL Injection", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/03/23/4", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2010-5096", datePublished: "2012-08-13T23:00:00Z", dateReserved: "2012-04-30T00:00:00Z", dateUpdated: "2024-09-17T04:10:28.021Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-2332
Vulnerability from cvelistv5
Published
2015-03-18 14:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/73212 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1031953 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:10:16.163Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73212", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/73212", }, { name: "1031953", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1031953", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-15T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-30T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73212", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/73212", }, { name: "1031953", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1031953", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-2332", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", refsource: "CONFIRM", url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73212", refsource: "BID", url: "http://www.securityfocus.com/bid/73212", }, { name: "1031953", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1031953", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-2332", datePublished: "2015-03-18T14:00:00", dateReserved: "2015-03-18T00:00:00", dateUpdated: "2024-08-06T05:10:16.163Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-4627
Vulnerability from cvelistv5
Published
2010-12-30 20:00
Modified
2024-08-07 03:51
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/ | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2010/10/08/7 | mailing-list, x_refsource_MLIST | |
| http://openwall.com/lists/oss-security/2010/10/11/8 | mailing-list, x_refsource_MLIST | |
| http://dev.mybboard.net/issues/852 | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2010/12/06/2 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64515 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:51:17.971Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://dev.mybboard.net/issues/852", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { name: "mybb-usercp2-csrf(64515)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64515", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-04-13T00:00:00", descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://dev.mybboard.net/issues/852", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { name: "mybb-usercp2-csrf(64515)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64515", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-4627", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", refsource: "CONFIRM", url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { name: "http://dev.mybboard.net/issues/852", refsource: "CONFIRM", url: "http://dev.mybboard.net/issues/852", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { name: "mybb-usercp2-csrf(64515)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64515", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-4627", datePublished: "2010-12-30T20:00:00", dateReserved: "2010-12-30T00:00:00", dateUpdated: "2024-08-07T03:51:17.971Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9420
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to "loose comparison false positives."
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/94396 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:38.327Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94396", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-17T00:00:00", descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to \"loose comparison false positives.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94396", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9420", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to \"loose comparison false positives.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", refsource: "BID", url: "http://www.securityfocus.com/bid/94396", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9420", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:38.327Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9404
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors related to login.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94395 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:38.353Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-11T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors related to login.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9404", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors related to login.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "94395", refsource: "BID", url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9404", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:38.353Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-19201
Vulnerability from cvelistv5
Published
2019-03-29 18:58
Modified
2024-08-05 11:30
Severity ?
EPSS score ?
Summary
A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/ | x_refsource_CONFIRM | |
| https://github.com/mybb/mybb/blob/feature/SECURITY.md#technical-details-of-known-issues | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:30:04.028Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/mybb/mybb/blob/feature/SECURITY.md#technical-details-of-known-issues", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-27T00:00:00", descriptions: [ { lang: "en", value: "A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-11T20:03:34", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/mybb/mybb/blob/feature/SECURITY.md#technical-details-of-known-issues", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-19201", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", }, { name: "https://github.com/mybb/mybb/blob/feature/SECURITY.md#technical-details-of-known-issues", refsource: "CONFIRM", url: "https://github.com/mybb/mybb/blob/feature/SECURITY.md#technical-details-of-known-issues", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-19201", datePublished: "2019-03-29T18:58:41", dateReserved: "2018-11-12T00:00:00", dateUpdated: "2024-08-05T11:30:04.028Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9407
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving Mod control panel logs.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94395 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:37.683Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-11T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving Mod control panel logs.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9407", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving Mod control panel logs.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "94395", refsource: "BID", url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9407", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:37.683Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41866
Vulnerability from cvelistv5
Published
2021-10-26 21:25
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mybb/mybb/security/advisories/ | x_refsource_MISC | |
| https://github.com/mybb/mybb/security/advisories/GHSA-gxhv-r3m5-6qv7 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:22:25.530Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-gxhv-r3m5-6qv7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-26T21:25:47", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/mybb/mybb/security/advisories/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-gxhv-r3m5-6qv7", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-41866", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/mybb/mybb/security/advisories/", refsource: "MISC", url: "https://github.com/mybb/mybb/security/advisories/", }, { name: "https://github.com/mybb/mybb/security/advisories/GHSA-gxhv-r3m5-6qv7", refsource: "CONFIRM", url: "https://github.com/mybb/mybb/security/advisories/GHSA-gxhv-r3m5-6qv7", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41866", datePublished: "2021-10-26T21:25:47", dateReserved: "2021-10-04T00:00:00", dateUpdated: "2024-08-04T03:22:25.530Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-2333
Vulnerability from cvelistv5
Published
2015-03-18 14:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/73213 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1031953 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:10:16.025Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73213", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/73213", }, { name: "1031953", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1031953", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-15T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-30T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73213", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/73213", }, { name: "1031953", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1031953", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-2333", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", refsource: "CONFIRM", url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73213", refsource: "BID", url: "http://www.securityfocus.com/bid/73213", }, { name: "1031953", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1031953", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-2333", datePublished: "2015-03-18T14:00:00", dateReserved: "2015-03-18T00:00:00", dateUpdated: "2024-08-06T05:10:16.025Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-4199
Vulnerability from cvelistv5
Published
2005-12-13 11:00
Modified
2024-08-07 23:38
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T23:38:51.520Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "15793", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15793", }, { name: "22158", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/22158", }, { name: "18000", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/18000", }, { name: "22156", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/22156", }, { name: "20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/419067/100/0/threaded", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.trapkit.de/advisories/TKPN2005-12-001.txt", }, { name: "246", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/246", }, { name: "1015407", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1015407", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964", }, { name: "20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html", }, { name: "22157", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/22157", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.trapkit.de/advisories/TKADV2005-12-001.txt", }, { name: "20051223 [TKADV2005-12-001] Multiple SQL Injection vulnerabilities in MyBB", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/420159/100/0/threaded", }, { name: "294", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/294", }, { name: "ADV-2005-2842", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/2842", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-12-09T00:00:00", descriptions: [ { lang: "en", value: "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-19T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "15793", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15793", }, { name: "22158", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/22158", }, { name: "18000", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/18000", }, { name: "22156", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/22156", }, { name: "20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/419067/100/0/threaded", }, { tags: [ "x_refsource_MISC", ], url: "http://www.trapkit.de/advisories/TKPN2005-12-001.txt", }, { name: "246", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/246", }, { name: "1015407", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1015407", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964", }, { name: "20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html", }, { name: "22157", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/22157", }, { tags: [ "x_refsource_MISC", ], url: "http://www.trapkit.de/advisories/TKADV2005-12-001.txt", }, { name: "20051223 [TKADV2005-12-001] Multiple SQL Injection vulnerabilities in MyBB", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/420159/100/0/threaded", }, { name: "294", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/294", }, { name: "ADV-2005-2842", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/2842", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-4199", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "15793", refsource: "BID", url: "http://www.securityfocus.com/bid/15793", }, { name: "22158", refsource: "OSVDB", url: "http://www.osvdb.org/22158", }, { name: "18000", refsource: "SECUNIA", url: "http://secunia.com/advisories/18000", }, { name: "22156", refsource: "OSVDB", url: "http://www.osvdb.org/22156", }, { name: "20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/419067/100/0/threaded", }, { name: "http://www.trapkit.de/advisories/TKPN2005-12-001.txt", refsource: "MISC", url: "http://www.trapkit.de/advisories/TKPN2005-12-001.txt", }, { name: "246", refsource: "SREASON", url: "http://securityreason.com/securityalert/246", }, { name: "1015407", refsource: "SECTRACK", url: "http://securitytracker.com/id?1015407", }, { name: "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964", refsource: "CONFIRM", url: "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964", }, { name: "20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB", refsource: "FULLDISC", url: "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html", }, { name: "22157", refsource: "OSVDB", url: "http://www.osvdb.org/22157", }, { name: "http://www.trapkit.de/advisories/TKADV2005-12-001.txt", refsource: "MISC", url: "http://www.trapkit.de/advisories/TKADV2005-12-001.txt", }, { name: "20051223 [TKADV2005-12-001] Multiple SQL Injection vulnerabilities in MyBB", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/420159/100/0/threaded", }, { name: "294", refsource: "SREASON", url: "http://securityreason.com/securityalert/294", }, { name: "ADV-2005-2842", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2005/2842", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-4199", datePublished: "2005-12-13T11:00:00", dateReserved: "2005-12-13T00:00:00", dateUpdated: "2024-08-07T23:38:51.520Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27948
Vulnerability from cvelistv5
Published
2021-03-15 17:13
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mybb/mybb/security/advisories/GHSA-3p9w-2q65-r6g2 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:17.242Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-3p9w-2q65-r6g2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-15T17:13:33", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-3p9w-2q65-r6g2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27948", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/mybb/mybb/security/advisories/GHSA-3p9w-2q65-r6g2", refsource: "MISC", url: "https://github.com/mybb/mybb/security/advisories/GHSA-3p9w-2q65-r6g2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-27948", datePublished: "2021-03-15T17:13:33", dateReserved: "2021-03-04T00:00:00", dateUpdated: "2024-08-03T21:33:17.242Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28467
Vulnerability from cvelistv5
Published
2023-05-22 00:00
Modified
2025-01-21 15:26
Severity ?
EPSS score ?
Summary
In MyBB before 1.8.34, there is XSS in the User CP module via the user email field.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:38:25.477Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://mybb.com", }, { tags: [ "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-3q8x-9fh2-v646", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-28467", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-21T15:25:35.927025Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-21T15:26:10.149Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In MyBB before 1.8.34, there is XSS in the User CP module via the user email field.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-22T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://mybb.com", }, { url: "https://github.com/mybb/mybb/security/advisories/GHSA-3q8x-9fh2-v646", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-28467", datePublished: "2023-05-22T00:00:00", dateReserved: "2023-03-15T00:00:00", dateUpdated: "2025-01-21T15:26:10.149Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23336
Vulnerability from cvelistv5
Published
2024-05-01 06:27
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's _Disallowed Remote Addresses_ list (`$config['disallowed_remote_addresses']`) contains the address `127.0.0.1`, but does not include the complete block `127.0.0.0/8`. MyBB 1.8.38 resolves this issue in default installations. Administrators of installed boards should update the existing configuration (`inc/config.php`) to include all addresses blocked by default. Additionally, users are advised to verify that it includes any other IPv4 addresses resolving to the server and other internal resources. Users unable to upgrade may manually add 127.0.0.0/8' to their disallowed address list.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mybb/mybb/security/advisories/GHSA-qfrj-65mv-h75h | x_refsource_CONFIRM | |
| https://github.com/mybb/mybb/commit/d6a96019025de9149014e06b1df252e6122e5630 | x_refsource_MISC | |
| https://docs.mybb.com/1.8/administration/configuration-file | x_refsource_MISC | |
| https://mybb.com/versions/1.8.38 | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mybb", vendor: "mybb", versions: [ { lessThan: "1.8.38", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-23336", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-01T13:48:54.371730Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T14:06:34.074Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.176Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/mybb/mybb/security/advisories/GHSA-qfrj-65mv-h75h", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-qfrj-65mv-h75h", }, { name: "https://github.com/mybb/mybb/commit/d6a96019025de9149014e06b1df252e6122e5630", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mybb/mybb/commit/d6a96019025de9149014e06b1df252e6122e5630", }, { name: "https://docs.mybb.com/1.8/administration/configuration-file", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.mybb.com/1.8/administration/configuration-file", }, { name: "https://mybb.com/versions/1.8.38", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://mybb.com/versions/1.8.38", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "mybb", vendor: "mybb", versions: [ { status: "affected", version: "< 1.8.38", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's _Disallowed Remote Addresses_ list (`$config['disallowed_remote_addresses']`) contains the address `127.0.0.1`, but does not include the complete block `127.0.0.0/8`. MyBB 1.8.38 resolves this issue in default installations. Administrators of installed boards should update the existing configuration (`inc/config.php`) to include all addresses blocked by default. Additionally, users are advised to verify that it includes any other IPv4 addresses resolving to the server and other internal resources. Users unable to upgrade may manually add 127.0.0.0/8' to their disallowed address list.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918: Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-184", description: "CWE-184: Incomplete List of Disallowed Inputs", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-01T06:27:37.987Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/mybb/mybb/security/advisories/GHSA-qfrj-65mv-h75h", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-qfrj-65mv-h75h", }, { name: "https://github.com/mybb/mybb/commit/d6a96019025de9149014e06b1df252e6122e5630", tags: [ "x_refsource_MISC", ], url: "https://github.com/mybb/mybb/commit/d6a96019025de9149014e06b1df252e6122e5630", }, { name: "https://docs.mybb.com/1.8/administration/configuration-file", tags: [ "x_refsource_MISC", ], url: "https://docs.mybb.com/1.8/administration/configuration-file", }, { name: "https://mybb.com/versions/1.8.38", tags: [ "x_refsource_MISC", ], url: "https://mybb.com/versions/1.8.38", }, ], source: { advisory: "GHSA-qfrj-65mv-h75h", discovery: "UNKNOWN", }, title: "Incomplete disallowed remote addresses list in MyBB", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-23336", datePublished: "2024-05-01T06:27:37.987Z", dateReserved: "2024-01-15T15:19:19.443Z", dateUpdated: "2024-08-01T22:59:32.176Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-8104
Vulnerability from cvelistv5
Published
2017-04-24 18:00
Modified
2024-08-05 16:27
Severity ?
EPSS score ?
Summary
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2017/Apr/55 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/98045 | vdb-entry, x_refsource_BID | |
| https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:27:22.549Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2017/Apr/55", }, { name: "98045", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98045", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-04-24T00:00:00", descriptions: [ { lang: "en", value: "In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-04-28T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://seclists.org/fulldisclosure/2017/Apr/55", }, { name: "98045", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98045", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-8104", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://seclists.org/fulldisclosure/2017/Apr/55", refsource: "MISC", url: "http://seclists.org/fulldisclosure/2017/Apr/55", }, { name: "98045", refsource: "BID", url: "http://www.securityfocus.com/bid/98045", }, { name: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", refsource: "MISC", url: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-8104", datePublished: "2017-04-24T18:00:00", dateReserved: "2017-04-24T00:00:00", dateUpdated: "2024-08-05T16:27:22.549Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-0788
Vulnerability from cvelistv5
Published
2008-02-15 00:00
Modified
2024-08-07 08:01
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://community.mybboard.net/showthread.php?tid=27675 | x_refsource_MISC | |
| http://secunia.com/advisories/28572/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/486663 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2008/0238 | vdb-entry, x_refsource_VUPEN | |
| http://securityreason.com/securityalert/3656 | third-party-advisory, x_refsource_SREASON |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:01:38.909Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://community.mybboard.net/showthread.php?tid=27675", }, { name: "28572", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/28572/", }, { name: "20080118 MyBB 1.2.11 Multiple XSRF Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/486663", }, { name: "ADV-2008-0238", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0238", }, { name: "3656", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/3656", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-01-17T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2008-04-15T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://community.mybboard.net/showthread.php?tid=27675", }, { name: "28572", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/28572/", }, { name: "20080118 MyBB 1.2.11 Multiple XSRF Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/486663", }, { name: "ADV-2008-0238", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0238", }, { name: "3656", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/3656", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-0788", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://community.mybboard.net/showthread.php?tid=27675", refsource: "MISC", url: "http://community.mybboard.net/showthread.php?tid=27675", }, { name: "28572", refsource: "SECUNIA", url: "http://secunia.com/advisories/28572/", }, { name: "20080118 MyBB 1.2.11 Multiple XSRF Vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/486663", }, { name: "ADV-2008-0238", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/0238", }, { name: "3656", refsource: "SREASON", url: "http://securityreason.com/securityalert/3656", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-0788", datePublished: "2008-02-15T00:00:00", dateReserved: "2008-02-14T00:00:00", dateUpdated: "2024-08-07T08:01:38.909Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-7305
Vulnerability from cvelistv5
Published
2018-02-21 20:00
Modified
2024-09-16 22:36
Severity ?
EPSS score ?
Summary
MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts.
References
| ▼ | URL | Tags |
|---|---|---|
| https://websecnerd.blogspot.in/2018/02/mybb-forum-1_21.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:24:11.858Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://websecnerd.blogspot.in/2018/02/mybb-forum-1_21.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-02-21T20:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://websecnerd.blogspot.in/2018/02/mybb-forum-1_21.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-7305", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://websecnerd.blogspot.in/2018/02/mybb-forum-1_21.html", refsource: "MISC", url: "https://websecnerd.blogspot.in/2018/02/mybb-forum-1_21.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-7305", datePublished: "2018-02-21T20:00:00Z", dateReserved: "2018-02-21T00:00:00Z", dateUpdated: "2024-09-16T22:36:27.532Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-9241
Vulnerability from cvelistv5
Published
2014-12-03 21:00
Modified
2024-09-16 23:42
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/ | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T13:40:24.988Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-12-03T21:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-9241", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/", refsource: "CONFIRM", url: "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/", }, { name: "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-9241", datePublished: "2014-12-03T21:00:00Z", dateReserved: "2014-12-03T00:00:00Z", dateUpdated: "2024-09-16T23:42:18.530Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-4522
Vulnerability from cvelistv5
Published
2010-12-30 20:00
Modified
2024-09-16 20:22
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.mybb.com/2010/12/15/mybb-1-6-1-release-1-4-14-update/ | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2010/12/20/1 | mailing-list, x_refsource_MLIST | |
| http://openwall.com/lists/oss-security/2010/12/22/2 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:51:16.972Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2010/12/15/mybb-1-6-1-release-1-4-14-update/", }, { name: "[oss-security] 20101220 CVE Request: MyBB XSS bugs", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/12/20/1", }, { name: "[oss-security] 20101221 Re: CVE Request: MyBB XSS bugs", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/12/22/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-12-30T20:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2010/12/15/mybb-1-6-1-release-1-4-14-update/", }, { name: "[oss-security] 20101220 CVE Request: MyBB XSS bugs", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/12/20/1", }, { name: "[oss-security] 20101221 Re: CVE Request: MyBB XSS bugs", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/12/22/2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2010-4522", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.mybb.com/2010/12/15/mybb-1-6-1-release-1-4-14-update/", refsource: "CONFIRM", url: "http://blog.mybb.com/2010/12/15/mybb-1-6-1-release-1-4-14-update/", }, { name: "[oss-security] 20101220 CVE Request: MyBB XSS bugs", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/12/20/1", }, { name: "[oss-security] 20101221 Re: CVE Request: MyBB XSS bugs", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/12/22/2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2010-4522", datePublished: "2010-12-30T20:00:00Z", dateReserved: "2010-12-09T00:00:00Z", dateUpdated: "2024-09-16T20:22:36.682Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-5248
Vulnerability from cvelistv5
Published
2014-08-14 18:00
Modified
2024-09-16 21:04
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/59707 | third-party-advisory, x_refsource_SECUNIA | |
| http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T11:41:47.719Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "59707", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59707", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-08-14T18:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "59707", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59707", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-5248", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "59707", refsource: "SECUNIA", url: "http://secunia.com/advisories/59707", }, { name: "http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release", refsource: "CONFIRM", url: "http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-5248", datePublished: "2014-08-14T18:00:00Z", dateReserved: "2014-08-14T00:00:00Z", dateUpdated: "2024-09-16T21:04:27.064Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-2212
Vulnerability from cvelistv5
Published
2007-04-24 20:00
Modified
2024-08-07 13:23
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33814 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T13:23:51.169Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "mybb-calendar-sql-injection(33814)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-04-23T00:00:00", descriptions: [ { lang: "en", value: "Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "mybb-calendar-sql-injection(33814)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-2212", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "mybb-calendar-sql-injection(33814)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-2212", datePublished: "2007-04-24T20:00:00", dateReserved: "2007-04-24T00:00:00", dateUpdated: "2024-08-07T13:23:51.169Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-2334
Vulnerability from cvelistv5
Published
2015-03-18 14:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/73214 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1031953 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:10:16.265Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73214", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/73214", }, { name: "1031953", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1031953", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-15T00:00:00", descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-30T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73214", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/73214", }, { name: "1031953", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1031953", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-2334", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", refsource: "CONFIRM", url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73214", refsource: "BID", url: "http://www.securityfocus.com/bid/73214", }, { name: "1031953", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1031953", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-2334", datePublished: "2015-03-18T14:00:00", dateReserved: "2015-03-18T00:00:00", dateUpdated: "2024-08-06T05:10:16.265Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-4928
Vulnerability from cvelistv5
Published
2008-11-04 20:00
Modified
2024-08-07 10:31
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/31935 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2008-10/0212.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2008/2967 | vdb-entry, x_refsource_VUPEN | |
| http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html | mailing-list, x_refsource_FULLDISC | |
| http://www.openwall.com/lists/oss-security/2008/11/01/2 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T10:31:28.188Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "31935", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/31935", }, { name: "20081027 Re: MyBB 1.4.2: Multiple Vulnerabilties", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0212.html", }, { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", }, { name: "ADV-2008-2967", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2967", }, { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html", }, { name: "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/11/01/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-10-27T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2008-11-15T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "31935", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/31935", }, { name: "20081027 Re: MyBB 1.4.2: Multiple Vulnerabilties", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0212.html", }, { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", }, { name: "ADV-2008-2967", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2967", }, { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html", }, { name: "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/11/01/2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-4928", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "31935", refsource: "BID", url: "http://www.securityfocus.com/bid/31935", }, { name: "20081027 Re: MyBB 1.4.2: Multiple Vulnerabilties", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0212.html", }, { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", }, { name: "ADV-2008-2967", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2967", }, { name: "20081027 MyBB 1.4.2: Multiple Vulnerabilties", refsource: "FULLDISC", url: "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html", }, { name: "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/11/01/2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-4928", datePublished: "2008-11-04T20:00:00", dateReserved: "2008-11-04T00:00:00", dateUpdated: "2024-08-07T10:31:28.188Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3965
Vulnerability from cvelistv5
Published
2008-09-10 15:00
Modified
2024-08-07 10:00
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2008/09/09/1 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/31760 | third-party-advisory, x_refsource_SECUNIA | |
| http://community.mybboard.net/showthread.php?tid=36022 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/31104 | vdb-entry, x_refsource_BID | |
| http://community.mybboard.net/attachment.php?aid=10579 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2008/09/09/9 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T10:00:42.125Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20080909 CVE request: mybb < 1.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/09/09/1", }, { name: "31760", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31760", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/showthread.php?tid=36022", }, { name: "31104", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/31104", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/attachment.php?aid=10579", }, { name: "[oss-security] 20080909 Re: CVE request: mybb < 1.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/09/09/9", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-09-09T00:00:00", descriptions: [ { lang: "en", value: "SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2008-10-24T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20080909 CVE request: mybb < 1.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/09/09/1", }, { name: "31760", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31760", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/showthread.php?tid=36022", }, { name: "31104", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/31104", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/attachment.php?aid=10579", }, { name: "[oss-security] 20080909 Re: CVE request: mybb < 1.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/09/09/9", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3965", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20080909 CVE request: mybb < 1.4.1", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/09/09/1", }, { name: "31760", refsource: "SECUNIA", url: "http://secunia.com/advisories/31760", }, { name: "http://community.mybboard.net/showthread.php?tid=36022", refsource: "CONFIRM", url: "http://community.mybboard.net/showthread.php?tid=36022", }, { name: "31104", refsource: "BID", url: "http://www.securityfocus.com/bid/31104", }, { name: "http://community.mybboard.net/attachment.php?aid=10579", refsource: "CONFIRM", url: "http://community.mybboard.net/attachment.php?aid=10579", }, { name: "[oss-security] 20080909 Re: CVE request: mybb < 1.4.1", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/09/09/9", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3965", datePublished: "2008-09-10T15:00:00", dateReserved: "2008-09-09T00:00:00", dateUpdated: "2024-08-07T10:00:42.125Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27946
Vulnerability from cvelistv5
Published
2021-03-15 17:08
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mybb/mybb/security/advisories/GHSA-23m9-w75q-ph4p | x_refsource_MISC | |
| http://packetstormsecurity.com/files/161918/MyBB-1.8.25-SQL-Injection.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:17.343Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-23m9-w75q-ph4p", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/161918/MyBB-1.8.25-SQL-Injection.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-23T17:06:07", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-23m9-w75q-ph4p", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/161918/MyBB-1.8.25-SQL-Injection.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27946", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/mybb/mybb/security/advisories/GHSA-23m9-w75q-ph4p", refsource: "MISC", url: "https://github.com/mybb/mybb/security/advisories/GHSA-23m9-w75q-ph4p", }, { name: "http://packetstormsecurity.com/files/161918/MyBB-1.8.25-SQL-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/161918/MyBB-1.8.25-SQL-Injection.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-27946", datePublished: "2021-03-15T17:08:09", dateReserved: "2021-03-04T00:00:00", dateUpdated: "2024-08-03T21:33:17.343Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27890
Vulnerability from cvelistv5
Published
2021-03-15 17:04
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mybb/mybb/security/advisories/GHSA-r34m-ccm8-mfhq | x_refsource_MISC | |
| http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html | x_refsource_MISC | |
| https://blog.sonarsource.com/mybb-remote-code-execution-chain | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:16.401Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-r34m-ccm8-mfhq", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.sonarsource.com/mybb-remote-code-execution-chain", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-20T18:17:30", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-r34m-ccm8-mfhq", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.sonarsource.com/mybb-remote-code-execution-chain", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27890", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/mybb/mybb/security/advisories/GHSA-r34m-ccm8-mfhq", refsource: "MISC", url: "https://github.com/mybb/mybb/security/advisories/GHSA-r34m-ccm8-mfhq", }, { name: "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html", }, { name: "https://blog.sonarsource.com/mybb-remote-code-execution-chain", refsource: "MISC", url: "https://blog.sonarsource.com/mybb-remote-code-execution-chain", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-27890", datePublished: "2021-03-15T17:04:13", dateReserved: "2021-03-02T00:00:00", dateUpdated: "2024-08-03T21:33:16.401Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45556
Vulnerability from cvelistv5
Published
2023-11-06 00:00
Modified
2024-09-05 14:16
Severity ?
EPSS score ?
Summary
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:21:16.660Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Or4ngm4n/Mybb/blob/main/MyBB%201.8.33%20Cross%20Site%20Scripting.txt", }, { tags: [ "x_transferred", ], url: "https://raw.githubusercontent.com/Or4ngm4n/Mybb/main/Screenshot%202023-10-08%20012112.png", }, { tags: [ "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-4xqm-3cm2-5xgf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-45556", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-05T14:16:43.852992Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-05T14:16:56.909Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-06T21:40:52.545582", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Or4ngm4n/Mybb/blob/main/MyBB%201.8.33%20Cross%20Site%20Scripting.txt", }, { url: "https://raw.githubusercontent.com/Or4ngm4n/Mybb/main/Screenshot%202023-10-08%20012112.png", }, { url: "https://github.com/mybb/mybb/security/advisories/GHSA-4xqm-3cm2-5xgf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-45556", datePublished: "2023-11-06T00:00:00", dateReserved: "2023-10-09T00:00:00", dateUpdated: "2024-09-05T14:16:56.909Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-2352
Vulnerability from cvelistv5
Published
2015-03-19 14:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/73257 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1031953 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:10:16.295Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73257", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/73257", }, { name: "1031953", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1031953", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-15T00:00:00", descriptions: [ { lang: "en", value: "The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-30T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73257", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/73257", }, { name: "1031953", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1031953", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-2352", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", refsource: "CONFIRM", url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73257", refsource: "BID", url: "http://www.securityfocus.com/bid/73257", }, { name: "1031953", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1031953", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-2352", datePublished: "2015-03-19T14:00:00", dateReserved: "2015-03-19T00:00:00", dateUpdated: "2024-08-06T05:10:16.295Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9417
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/94396 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:38.392Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94396", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-17T00:00:00", descriptions: [ { lang: "en", value: "The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94396", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9417", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", refsource: "BID", url: "http://www.securityfocus.com/bid/94396", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9417", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:38.392Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9418
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a short name.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/94396 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:38.333Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94396", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-17T00:00:00", descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a short name.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94396", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9418", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a short name.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", refsource: "BID", url: "http://www.securityfocus.com/bid/94396", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9418", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:38.333Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6844
Vulnerability from cvelistv5
Published
2018-02-08 07:00
Modified
2024-08-05 06:17
Severity ?
EPSS score ?
Summary
MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen.
References
| ▼ | URL | Tags |
|---|---|---|
| https://websecnerd.blogspot.com/2018/02/mybb-forum-1.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:17:15.847Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://websecnerd.blogspot.com/2018/02/mybb-forum-1.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-02-08T00:00:00", descriptions: [ { lang: "en", value: "MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-02-08T06:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://websecnerd.blogspot.com/2018/02/mybb-forum-1.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6844", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://websecnerd.blogspot.com/2018/02/mybb-forum-1.html", refsource: "MISC", url: "https://websecnerd.blogspot.com/2018/02/mybb-forum-1.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6844", datePublished: "2018-02-08T07:00:00", dateReserved: "2018-02-08T00:00:00", dateUpdated: "2024-08-05T06:17:15.847Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3966
Vulnerability from cvelistv5
Published
2008-09-10 15:00
Modified
2024-08-07 10:00
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2008/09/09/1 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/31760 | third-party-advisory, x_refsource_SECUNIA | |
| http://community.mybboard.net/showthread.php?tid=36022 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/31104 | vdb-entry, x_refsource_BID | |
| http://community.mybboard.net/attachment.php?aid=10579 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2008/09/09/9 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T10:00:42.292Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20080909 CVE request: mybb < 1.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/09/09/1", }, { name: "31760", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31760", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/showthread.php?tid=36022", }, { name: "31104", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/31104", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/attachment.php?aid=10579", }, { name: "[oss-security] 20080909 Re: CVE request: mybb < 1.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/09/09/9", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-09-09T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2008-10-24T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20080909 CVE request: mybb < 1.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/09/09/1", }, { name: "31760", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31760", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/showthread.php?tid=36022", }, { name: "31104", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/31104", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/attachment.php?aid=10579", }, { name: "[oss-security] 20080909 Re: CVE request: mybb < 1.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/09/09/9", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3966", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20080909 CVE request: mybb < 1.4.1", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/09/09/1", }, { name: "31760", refsource: "SECUNIA", url: "http://secunia.com/advisories/31760", }, { name: "http://community.mybboard.net/showthread.php?tid=36022", refsource: "CONFIRM", url: "http://community.mybboard.net/showthread.php?tid=36022", }, { name: "31104", refsource: "BID", url: "http://www.securityfocus.com/bid/31104", }, { name: "http://community.mybboard.net/attachment.php?aid=10579", refsource: "CONFIRM", url: "http://community.mybboard.net/attachment.php?aid=10579", }, { name: "[oss-security] 20080909 Re: CVE request: mybb < 1.4.1", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/09/09/9", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3966", datePublished: "2008-09-10T15:00:00", dateReserved: "2008-09-09T00:00:00", dateUpdated: "2024-08-07T10:00:42.292Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45867
Vulnerability from cvelistv5
Published
2023-01-03 00:00
Modified
2024-08-03 14:24
Severity ?
EPSS score ?
Summary
MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:24:03.022Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-cpfv-6f8w-759r", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-03T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/mybb/mybb/security/advisories/GHSA-cpfv-6f8w-759r", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-45867", datePublished: "2023-01-03T00:00:00", dateReserved: "2022-11-23T00:00:00", dateUpdated: "2024-08-03T14:24:03.022Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12831
Vulnerability from cvelistv5
Published
2019-06-15 17:05
Modified
2024-08-04 23:32
Severity ?
EPSS score ?
Summary
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/ | x_refsource_MISC | |
| https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:32:55.221Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-15T17:05:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12831", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/", refsource: "MISC", url: "https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/", }, { name: "https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/", refsource: "MISC", url: "https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12831", datePublished: "2019-06-15T17:05:08", dateReserved: "2019-06-15T00:00:00", dateUpdated: "2024-08-04T23:32:55.221Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3967
Vulnerability from cvelistv5
Published
2008-09-10 15:00
Modified
2024-08-07 10:00
Severity ?
EPSS score ?
Summary
moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2008/09/09/1 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/31760 | third-party-advisory, x_refsource_SECUNIA | |
| http://community.mybboard.net/showthread.php?tid=36022 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/31104 | vdb-entry, x_refsource_BID | |
| http://community.mybboard.net/attachment.php?aid=10579 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2008/09/09/9 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T10:00:42.598Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20080909 CVE request: mybb < 1.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/09/09/1", }, { name: "31760", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31760", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/showthread.php?tid=36022", }, { name: "31104", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/31104", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/attachment.php?aid=10579", }, { name: "[oss-security] 20080909 Re: CVE request: mybb < 1.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/09/09/9", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-09-09T00:00:00", descriptions: [ { lang: "en", value: "moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2008-10-24T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20080909 CVE request: mybb < 1.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/09/09/1", }, { name: "31760", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31760", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/showthread.php?tid=36022", }, { name: "31104", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/31104", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/attachment.php?aid=10579", }, { name: "[oss-security] 20080909 Re: CVE request: mybb < 1.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/09/09/9", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3967", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20080909 CVE request: mybb < 1.4.1", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/09/09/1", }, { name: "31760", refsource: "SECUNIA", url: "http://secunia.com/advisories/31760", }, { name: "http://community.mybboard.net/showthread.php?tid=36022", refsource: "CONFIRM", url: "http://community.mybboard.net/showthread.php?tid=36022", }, { name: "31104", refsource: "BID", url: "http://www.securityfocus.com/bid/31104", }, { name: "http://community.mybboard.net/attachment.php?aid=10579", refsource: "CONFIRM", url: "http://community.mybboard.net/attachment.php?aid=10579", }, { name: "[oss-security] 20080909 Re: CVE request: mybb < 1.4.1", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/09/09/9", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3967", datePublished: "2008-09-10T15:00:00", dateReserved: "2008-09-09T00:00:00", dateUpdated: "2024-08-07T10:00:42.598Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23335
Vulnerability from cvelistv5
Published
2024-05-01 06:27
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
MyBB is a free and open source forum software. The backup management module of the Admin CP may accept `.htaccess` as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mybb/mybb/security/advisories/GHSA-94xr-g4ww-j47r | x_refsource_CONFIRM | |
| https://github.com/mybb/mybb/commit/450259e501b94c9d483efb167cb2bf875605e111.patch | x_refsource_MISC | |
| https://mybb.com/versions/1.8.38 | x_refsource_MISC |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-23335", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-03T14:28:16.476681Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:58.738Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.211Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/mybb/mybb/security/advisories/GHSA-94xr-g4ww-j47r", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-94xr-g4ww-j47r", }, { name: "https://github.com/mybb/mybb/commit/450259e501b94c9d483efb167cb2bf875605e111.patch", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mybb/mybb/commit/450259e501b94c9d483efb167cb2bf875605e111.patch", }, { name: "https://mybb.com/versions/1.8.38", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://mybb.com/versions/1.8.38", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "mybb", vendor: "mybb", versions: [ { status: "affected", version: "< 1.8.38", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB is a free and open source forum software. The backup management module of the Admin CP may accept `.htaccess` as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-01T06:27:42.162Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/mybb/mybb/security/advisories/GHSA-94xr-g4ww-j47r", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-94xr-g4ww-j47r", }, { name: "https://github.com/mybb/mybb/commit/450259e501b94c9d483efb167cb2bf875605e111.patch", tags: [ "x_refsource_MISC", ], url: "https://github.com/mybb/mybb/commit/450259e501b94c9d483efb167cb2bf875605e111.patch", }, { name: "https://mybb.com/versions/1.8.38", tags: [ "x_refsource_MISC", ], url: "https://mybb.com/versions/1.8.38", }, ], source: { advisory: "GHSA-94xr-g4ww-j47r", discovery: "UNKNOWN", }, title: "Backups directory .htaccess deletion in. MyBB", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-23335", datePublished: "2024-05-01T06:27:42.162Z", dateReserved: "2024-01-15T15:19:19.443Z", dateUpdated: "2024-08-01T22:59:32.211Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-43281
Vulnerability from cvelistv5
Published
2021-11-04 17:42
Modified
2024-08-04 03:55
Severity ?
EPSS score ?
Summary
MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type "php" with PHP code, executed on Change Settings pages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mybb/mybb/security/advisories/GHSA-8gxx-vmr9-h39p | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:55:28.469Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-8gxx-vmr9-h39p", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB before 1.8.29 allows Remote Code Injection by an admin with the \"Can manage settings?\" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type \"php\" with PHP code, executed on Change Settings pages.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-04T17:42:34", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-8gxx-vmr9-h39p", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-43281", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB before 1.8.29 allows Remote Code Injection by an admin with the \"Can manage settings?\" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type \"php\" with PHP code, executed on Change Settings pages.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/mybb/mybb/security/advisories/GHSA-8gxx-vmr9-h39p", refsource: "CONFIRM", url: "https://github.com/mybb/mybb/security/advisories/GHSA-8gxx-vmr9-h39p", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-43281", datePublished: "2021-11-04T17:42:34", dateReserved: "2021-11-02T00:00:00", dateUpdated: "2024-08-04T03:55:28.469Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-8103
Vulnerability from cvelistv5
Published
2017-04-24 18:00
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2017/Apr/53 | x_refsource_MISC | |
| https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:27:22.438Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2017/Apr/53", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-04-24T18:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://seclists.org/fulldisclosure/2017/Apr/53", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-8103", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://seclists.org/fulldisclosure/2017/Apr/53", refsource: "MISC", url: "http://seclists.org/fulldisclosure/2017/Apr/53", }, { name: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", refsource: "MISC", url: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-8103", datePublished: "2017-04-24T18:00:00Z", dateReserved: "2017-04-24T00:00:00Z", dateUpdated: "2024-09-16T18:29:44.703Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-0544
Vulnerability from cvelistv5
Published
2007-01-29 17:00
Modified
2024-08-07 12:19
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31740 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/32967 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/22205 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/23934 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/457929/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/28837 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:19:30.529Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "mybb-subject-field-xss(31740)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31740", }, { name: "32967", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/32967", }, { name: "22205", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/22205", }, { name: "23934", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23934", }, { name: "20070124 [Aria-Security Team] MyBB Cross-Site Scripting", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/457929/100/0/threaded", }, { name: "28837", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/28837", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-01-24T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "mybb-subject-field-xss(31740)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31740", }, { name: "32967", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/32967", }, { name: "22205", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/22205", }, { name: "23934", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23934", }, { name: "20070124 [Aria-Security Team] MyBB Cross-Site Scripting", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/457929/100/0/threaded", }, { name: "28837", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/28837", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-0544", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "mybb-subject-field-xss(31740)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31740", }, { name: "32967", refsource: "OSVDB", url: "http://osvdb.org/32967", }, { name: "22205", refsource: "BID", url: "http://www.securityfocus.com/bid/22205", }, { name: "23934", refsource: "SECUNIA", url: "http://secunia.com/advisories/23934", }, { name: "20070124 [Aria-Security Team] MyBB Cross-Site Scripting", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/457929/100/0/threaded", }, { name: "28837", refsource: "SECUNIA", url: "http://secunia.com/advisories/28837", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-0544", datePublished: "2007-01-29T17:00:00", dateReserved: "2007-01-29T00:00:00", dateUpdated: "2024-08-07T12:19:30.529Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-5131
Vulnerability from cvelistv5
Published
2012-08-30 22:00
Modified
2024-08-07 00:23
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://dev.mybb.com/issues/1729 | x_refsource_CONFIRM | |
| http://www.osvdb.org/77327 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/46951 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71462 | vdb-entry, x_refsource_XF | |
| http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/50816 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:23:40.140Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://dev.mybb.com/issues/1729", }, { name: "77327", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/77327", }, { name: "46951", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/46951", }, { name: "mybb-language-setting-csrf(71462)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71462", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", }, { name: "50816", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/50816", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-10-08T00:00:00", descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://dev.mybb.com/issues/1729", }, { name: "77327", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/77327", }, { name: "46951", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/46951", }, { name: "mybb-language-setting-csrf(71462)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71462", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", }, { name: "50816", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/50816", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-5131", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://dev.mybb.com/issues/1729", refsource: "CONFIRM", url: "http://dev.mybb.com/issues/1729", }, { name: "77327", refsource: "OSVDB", url: "http://www.osvdb.org/77327", }, { name: "46951", refsource: "SECUNIA", url: "http://secunia.com/advisories/46951", }, { name: "mybb-language-setting-csrf(71462)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71462", }, { name: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", refsource: "CONFIRM", url: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", }, { name: "50816", refsource: "BID", url: "http://www.securityfocus.com/bid/50816", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2011-5131", datePublished: "2012-08-30T22:00:00", dateReserved: "2012-08-30T00:00:00", dateUpdated: "2024-08-07T00:23:40.140Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-2325
Vulnerability from cvelistv5
Published
2012-08-13 18:00
Modified
2024-09-16 23:55
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/53417 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2012/05/07/13 | mailing-list, x_refsource_MLIST | |
| http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/05/07/14 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:34:25.401Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "53417", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/53417", }, { name: "[oss-security] 20120507 CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { name: "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-08-13T18:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "53417", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/53417", }, { name: "[oss-security] 20120507 CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { name: "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-2325", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "53417", refsource: "BID", url: "http://www.securityfocus.com/bid/53417", }, { name: "[oss-security] 20120507 CVE request: mybb before 1.6.7", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { name: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", refsource: "CONFIRM", url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { name: "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-2325", datePublished: "2012-08-13T18:00:00Z", dateReserved: "2012-04-19T00:00:00Z", dateUpdated: "2024-09-16T23:55:43.800Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-2786
Vulnerability from cvelistv5
Published
2015-03-29 21:00
Modified
2024-08-06 05:24
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to "Group join request notifications sent to wrong group leaders."
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/73394 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:24:38.933Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73394", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/73394", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-15T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to \"Group join request notifications sent to wrong group leaders.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-30T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73394", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/73394", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-2786", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to \"Group join request notifications sent to wrong group leaders.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", refsource: "CONFIRM", url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "73394", refsource: "BID", url: "http://www.securityfocus.com/bid/73394", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-2786", datePublished: "2015-03-29T21:00:00", dateReserved: "2015-03-29T00:00:00", dateUpdated: "2024-08-06T05:24:38.933Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3070
Vulnerability from cvelistv5
Published
2008-07-08 18:00
Modified
2024-08-07 09:21
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection.
References
| ▼ | URL | Tags |
|---|---|---|
| http://community.mybboard.net/attachment.php?aid=9272 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/31013 | third-party-advisory, x_refsource_SECUNIA | |
| http://community.mybboard.net/showthread.php?tid=31666 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:21:35.046Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/attachment.php?aid=9272", }, { name: "31013", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31013", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/showthread.php?tid=31666", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-05-21T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-11-27T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/attachment.php?aid=9272", }, { name: "31013", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31013", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/showthread.php?tid=31666", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3070", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://community.mybboard.net/attachment.php?aid=9272", refsource: "CONFIRM", url: "http://community.mybboard.net/attachment.php?aid=9272", }, { name: "31013", refsource: "SECUNIA", url: "http://secunia.com/advisories/31013", }, { name: "http://community.mybboard.net/showthread.php?tid=31666", refsource: "CONFIRM", url: "http://community.mybboard.net/showthread.php?tid=31666", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3070", datePublished: "2008-07-08T18:00:00", dateReserved: "2008-07-08T00:00:00", dateUpdated: "2024-08-07T09:21:35.046Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-4629
Vulnerability from cvelistv5
Published
2010-12-30 20:00
Modified
2024-08-07 03:51
Severity ?
EPSS score ?
Summary
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64513 | vdb-entry, x_refsource_XF | |
| http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/ | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2010/10/08/7 | mailing-list, x_refsource_MLIST | |
| http://dev.mybboard.net/projects/mybb/repository/revisions/4856 | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2010/10/11/8 | mailing-list, x_refsource_MLIST | |
| http://dev.mybboard.net/issues/722 | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2010/12/06/2 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:51:17.935Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "mybb-uid-values-dos(64513)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64513", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://dev.mybboard.net/projects/mybb/repository/revisions/4856", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://dev.mybboard.net/issues/722", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-04-13T00:00:00", descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "mybb-uid-values-dos(64513)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64513", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://dev.mybboard.net/projects/mybb/repository/revisions/4856", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://dev.mybboard.net/issues/722", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-4629", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "mybb-uid-values-dos(64513)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64513", }, { name: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", refsource: "CONFIRM", url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "http://dev.mybboard.net/projects/mybb/repository/revisions/4856", refsource: "CONFIRM", url: "http://dev.mybboard.net/projects/mybb/repository/revisions/4856", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { name: "http://dev.mybboard.net/issues/722", refsource: "CONFIRM", url: "http://dev.mybboard.net/issues/722", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-4629", datePublished: "2010-12-30T20:00:00", dateReserved: "2010-12-30T00:00:00", dateUpdated: "2024-08-07T03:51:17.935Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-3579
Vulnerability from cvelistv5
Published
2019-06-06 18:11
Modified
2024-08-04 19:12
Severity ?
EPSS score ?
Summary
MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/ | x_refsource_CONFIRM | |
| https://blog.mybb.com/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:12:09.648Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.mybb.com/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-06T18:11:32", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.mybb.com/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-3579", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/", }, { name: "https://blog.mybb.com/", refsource: "MISC", url: "https://blog.mybb.com/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-3579", datePublished: "2019-06-06T18:11:32", dateReserved: "2019-01-02T00:00:00", dateUpdated: "2024-08-04T19:12:09.648Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43707
Vulnerability from cvelistv5
Published
2022-11-21 00:00
Modified
2024-08-03 13:40
Severity ?
EPSS score ?
Summary
MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.125Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://mybb.com", }, { tags: [ "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-6vpw-m83q-27px", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-21T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://mybb.com", }, { url: "https://github.com/mybb/mybb/security/advisories/GHSA-6vpw-m83q-27px", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-43707", datePublished: "2022-11-21T00:00:00", dateReserved: "2022-10-24T00:00:00", dateUpdated: "2024-08-03T13:40:06.125Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9409
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94395 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:37.974Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-11T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9409", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "94395", refsource: "BID", url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9409", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:37.974Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-4569
Vulnerability from cvelistv5
Published
2011-11-29 11:00
Modified
2024-08-07 00:09
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/50049 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/70474 | vdb-entry, x_refsource_XF | |
| http://www.exploit-db.com/exploits/17962 | exploit, x_refsource_EXPLOIT-DB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:09:19.028Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "50049", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/50049", }, { name: "mybbforum-image2-sql-injection(70474)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/70474", }, { name: "17962", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "http://www.exploit-db.com/exploits/17962", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-10-10T00:00:00", descriptions: [ { lang: "en", value: "SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "50049", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/50049", }, { name: "mybbforum-image2-sql-injection(70474)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/70474", }, { name: "17962", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "http://www.exploit-db.com/exploits/17962", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-4569", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "50049", refsource: "BID", url: "http://www.securityfocus.com/bid/50049", }, { name: "mybbforum-image2-sql-injection(70474)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/70474", }, { name: "17962", refsource: "EXPLOIT-DB", url: "http://www.exploit-db.com/exploits/17962", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2011-4569", datePublished: "2011-11-29T11:00:00", dateReserved: "2011-11-28T00:00:00", dateUpdated: "2024-08-07T00:09:19.028Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9419
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/94396 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:38.340Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94396", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-17T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94396", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9419", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", refsource: "BID", url: "http://www.securityfocus.com/bid/94396", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9419", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:38.340Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1000502
Vulnerability from cvelistv5
Published
2018-06-26 16:00
Modified
2024-08-05 12:40
Severity ?
EPSS score ?
Summary
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html | x_refsource_MISC | |
| https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:40:47.006Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], dateAssigned: "2018-06-23T00:00:00", datePublic: "2018-06-26T00:00:00", descriptions: [ { lang: "en", value: "MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-26T15:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", DATE_ASSIGNED: "2018-06-23T11:22:33.002399", DATE_REQUESTED: "2018-04-07T06:34:59", ID: "CVE-2018-1000502", REQUESTER: "riley@mailo.com", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html", refsource: "MISC", url: "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html", }, { name: "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/", refsource: "MISC", url: "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-1000502", datePublished: "2018-06-26T16:00:00", dateReserved: "2018-04-07T00:00:00", dateUpdated: "2024-08-05T12:40:47.006Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27947
Vulnerability from cvelistv5
Published
2021-03-15 17:10
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mybb/mybb/security/advisories/GHSA-jjx8-8mcp-7h65 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:16.403Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-jjx8-8mcp-7h65", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-15T17:14:32", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-jjx8-8mcp-7h65", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27947", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/mybb/mybb/security/advisories/GHSA-jjx8-8mcp-7h65", refsource: "MISC", url: "https://github.com/mybb/mybb/security/advisories/GHSA-jjx8-8mcp-7h65", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-27947", datePublished: "2021-03-15T17:10:33", dateReserved: "2021-03-04T00:00:00", dateUpdated: "2024-08-03T21:33:16.403Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9410
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database information via vectors involving templates.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94395 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:37.938Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-11T00:00:00", descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database information via vectors involving templates.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9410", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database information via vectors involving templates.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "94395", refsource: "BID", url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9410", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:37.938Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-9240
Vulnerability from cvelistv5
Published
2014-12-03 21:00
Modified
2024-09-17 03:03
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/ | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T13:40:25.093Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-12-03T21:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-9240", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/", refsource: "CONFIRM", url: "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/", }, { name: "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-9240", datePublished: "2014-12-03T21:00:00Z", dateReserved: "2014-12-03T00:00:00Z", dateUpdated: "2024-09-17T03:03:49.182Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-4552
Vulnerability from cvelistv5
Published
2015-09-03 17:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033471 | vdb-entry, x_refsource_SECTRACK | |
| http://adrianhayter.com/exploits.php | x_refsource_MISC | |
| http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:18:12.065Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1033471", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1033471", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://adrianhayter.com/exploits.php", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-05-27T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-20T16:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1033471", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1033471", }, { tags: [ "x_refsource_MISC", ], url: "http://adrianhayter.com/exploits.php", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-4552", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1033471", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1033471", }, { name: "http://adrianhayter.com/exploits.php", refsource: "MISC", url: "http://adrianhayter.com/exploits.php", }, { name: "http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/", refsource: "CONFIRM", url: "http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-4552", datePublished: "2015-09-03T17:00:00", dateReserved: "2015-06-14T00:00:00", dateUpdated: "2024-08-06T06:18:12.065Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-5133
Vulnerability from cvelistv5
Published
2012-08-30 22:00
Modified
2024-09-17 00:51
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/46951 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/77325 | vdb-entry, x_refsource_OSVDB | |
| http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/50816 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:23:40.148Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "46951", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/46951", }, { name: "77325", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/77325", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", }, { name: "50816", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/50816", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an \"unparsed user avatar in the buddy list.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-08-30T22:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "46951", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/46951", }, { name: "77325", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/77325", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", }, { name: "50816", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/50816", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-5133", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an \"unparsed user avatar in the buddy list.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "46951", refsource: "SECUNIA", url: "http://secunia.com/advisories/46951", }, { name: "77325", refsource: "OSVDB", url: "http://www.osvdb.org/77325", }, { name: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", refsource: "CONFIRM", url: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", }, { name: "50816", refsource: "BID", url: "http://www.securityfocus.com/bid/50816", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2011-5133", datePublished: "2012-08-30T22:00:00Z", dateReserved: "2012-08-30T00:00:00Z", dateUpdated: "2024-09-17T00:51:26.797Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-19049
Vulnerability from cvelistv5
Published
2021-08-31 13:16
Modified
2024-08-04 14:08
Severity ?
EPSS score ?
Summary
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/joelister/bug/issues/2 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:08:30.631Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/joelister/bug/issues/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the \"Description\" field found in the \"Add New Forum\" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-31T13:16:35", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/joelister/bug/issues/2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-19049", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the \"Description\" field found in the \"Add New Forum\" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/joelister/bug/issues/2", refsource: "MISC", url: "https://github.com/joelister/bug/issues/2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-19049", datePublished: "2021-08-31T13:16:35", dateReserved: "2020-08-13T00:00:00", dateUpdated: "2024-08-04T14:08:30.631Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-2149
Vulnerability from cvelistv5
Published
2015-03-18 14:00
Modified
2024-08-06 05:02
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) MIME-type field in an add action in the config-attachment_types module to admin/index.php; (2) title or (3) short description field in an add action in the (a) config-mycode or (b) user-groups module to admin/index.php; (4) title field in an add action in the (c) forum-management or (d) tool-tasks module to admin/index.php; (5) name field in an add_set action in the style-templates module to admin/index.php; (6) title field in an add_template_group action in the style-templates module to admin/index.php; (7) name field in an add action in the config-post_icons module to admin/index.php; (8) "title to assign" field in an add action in the user-titles module to admin/index.php; or (9) username field in the config-banning module to admin/index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/72738 | vdb-entry, x_refsource_BID | |
| http://seclists.org/oss-sec/2015/q1/629 | mailing-list, x_refsource_MLIST | |
| http://sroesemann.blogspot.de/2015/02/sroeadv-2015-15.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2015/Feb/80 | mailing-list, x_refsource_FULLDISC | |
| http://www.securitytracker.com/id/1031953 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/oss-sec/2015/q1/705 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:02:43.413Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "72738", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/72738", }, { name: "[oss-security] 20150221 CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2015/q1/629", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://sroesemann.blogspot.de/2015/02/sroeadv-2015-15.html", }, { name: "20150221 Multiple stored XSS-vulnerabilities in MyBB v. 1.8.3", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2015/Feb/80", }, { name: "1031953", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1031953", }, { name: "[oss-security] 20150227 Re: CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2015/q1/705", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-19T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) MIME-type field in an add action in the config-attachment_types module to admin/index.php; (2) title or (3) short description field in an add action in the (a) config-mycode or (b) user-groups module to admin/index.php; (4) title field in an add action in the (c) forum-management or (d) tool-tasks module to admin/index.php; (5) name field in an add_set action in the style-templates module to admin/index.php; (6) title field in an add_template_group action in the style-templates module to admin/index.php; (7) name field in an add action in the config-post_icons module to admin/index.php; (8) \"title to assign\" field in an add action in the user-titles module to admin/index.php; or (9) username field in the config-banning module to admin/index.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-15T11:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "72738", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/72738", }, { name: "[oss-security] 20150221 CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2015/q1/629", }, { tags: [ "x_refsource_MISC", ], url: "http://sroesemann.blogspot.de/2015/02/sroeadv-2015-15.html", }, { name: "20150221 Multiple stored XSS-vulnerabilities in MyBB v. 1.8.3", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2015/Feb/80", }, { name: "1031953", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1031953", }, { name: "[oss-security] 20150227 Re: CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2015/q1/705", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-2149", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) MIME-type field in an add action in the config-attachment_types module to admin/index.php; (2) title or (3) short description field in an add action in the (a) config-mycode or (b) user-groups module to admin/index.php; (4) title field in an add action in the (c) forum-management or (d) tool-tasks module to admin/index.php; (5) name field in an add_set action in the style-templates module to admin/index.php; (6) title field in an add_template_group action in the style-templates module to admin/index.php; (7) name field in an add action in the config-post_icons module to admin/index.php; (8) \"title to assign\" field in an add action in the user-titles module to admin/index.php; or (9) username field in the config-banning module to admin/index.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", refsource: "CONFIRM", url: "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", }, { name: "72738", refsource: "BID", url: "http://www.securityfocus.com/bid/72738", }, { name: "[oss-security] 20150221 CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities", refsource: "MLIST", url: "http://seclists.org/oss-sec/2015/q1/629", }, { name: "http://sroesemann.blogspot.de/2015/02/sroeadv-2015-15.html", refsource: "MISC", url: "http://sroesemann.blogspot.de/2015/02/sroeadv-2015-15.html", }, { name: "20150221 Multiple stored XSS-vulnerabilities in MyBB v. 1.8.3", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2015/Feb/80", }, { name: "1031953", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1031953", }, { name: "[oss-security] 20150227 Re: CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities", refsource: "MLIST", url: "http://seclists.org/oss-sec/2015/q1/705", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-2149", datePublished: "2015-03-18T14:00:00", dateReserved: "2015-02-27T00:00:00", dateUpdated: "2024-08-06T05:02:43.413Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-2327
Vulnerability from cvelistv5
Published
2012-08-13 18:00
Modified
2024-09-17 02:58
Severity ?
EPSS score ?
Summary
MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/53417 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2012/05/07/13 | mailing-list, x_refsource_MLIST | |
| http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/05/07/14 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:34:25.645Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "53417", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/53417", }, { name: "[oss-security] 20120507 CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { name: "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-08-13T18:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "53417", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/53417", }, { name: "[oss-security] 20120507 CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { name: "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-2327", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "53417", refsource: "BID", url: "http://www.securityfocus.com/bid/53417", }, { name: "[oss-security] 20120507 CVE request: mybb before 1.6.7", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { name: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", refsource: "CONFIRM", url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { name: "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-2327", datePublished: "2012-08-13T18:00:00Z", dateReserved: "2012-04-19T00:00:00Z", dateUpdated: "2024-09-17T02:58:18.551Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43709
Vulnerability from cvelistv5
Published
2022-11-21 00:00
Modified
2024-08-03 13:40
Severity ?
EPSS score ?
Summary
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.346Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://mybb.com", }, { tags: [ "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-ggp5-454p-867v", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-21T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://mybb.com", }, { url: "https://github.com/mybb/mybb/security/advisories/GHSA-ggp5-454p-867v", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-43709", datePublished: "2022-11-21T00:00:00", dateReserved: "2022-10-24T00:00:00", dateUpdated: "2024-08-03T13:40:06.346Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-5909
Vulnerability from cvelistv5
Published
2012-11-17 21:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74396 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/52743 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html | x_refsource_MISC | |
| http://osvdb.org/80634 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:21:28.268Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "mybb-index-conditionsusergroup-sql-injection(74396)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74396", }, { name: "52743", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/52743", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html", }, { name: "80634", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/80634", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-03-27T00:00:00", descriptions: [ { lang: "en", value: "SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "mybb-index-conditionsusergroup-sql-injection(74396)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74396", }, { name: "52743", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/52743", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html", }, { name: "80634", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/80634", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-5909", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "mybb-index-conditionsusergroup-sql-injection(74396)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74396", }, { name: "52743", refsource: "BID", url: "http://www.securityfocus.com/bid/52743", }, { name: "http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html", }, { name: "80634", refsource: "OSVDB", url: "http://osvdb.org/80634", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-5909", datePublished: "2012-11-17T21:00:00", dateReserved: "2012-11-17T00:00:00", dateUpdated: "2024-08-06T21:21:28.268Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-2324
Vulnerability from cvelistv5
Published
2012-08-13 18:00
Modified
2024-09-16 18:18
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/53417 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2012/05/07/13 | mailing-list, x_refsource_MLIST | |
| http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/05/07/14 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:34:23.575Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "53417", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/53417", }, { name: "[oss-security] 20120507 CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { name: "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-08-13T18:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "53417", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/53417", }, { name: "[oss-security] 20120507 CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { name: "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-2324", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "53417", refsource: "BID", url: "http://www.securityfocus.com/bid/53417", }, { name: "[oss-security] 20120507 CVE request: mybb before 1.6.7", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/05/07/13", }, { name: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", refsource: "CONFIRM", url: "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", }, { name: "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/05/07/14", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-2324", datePublished: "2012-08-13T18:00:00Z", dateReserved: "2012-04-19T00:00:00Z", dateUpdated: "2024-09-16T18:18:14.658Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9406
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94395 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:37.700Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-11T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9406", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "94395", refsource: "BID", url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9406", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:37.700Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8976
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 08:36
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via vectors related to "old upgrade files."
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94397 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:36:31.035Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { name: "94397", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94397", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-09-07T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via vectors related to \"old upgrade files.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { name: "94397", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94397", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8976", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via vectors related to \"old upgrade files.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { name: "94397", refsource: "BID", url: "http://www.securityfocus.com/bid/94397", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-8976", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T08:36:31.035Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43708
Vulnerability from cvelistv5
Published
2022-11-21 00:00
Modified
2024-08-03 13:40
Severity ?
EPSS score ?
Summary
MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.325Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://mybb.com", }, { tags: [ "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-p9m7-9qv4-x93w", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-21T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://mybb.com", }, { url: "https://github.com/mybb/mybb/security/advisories/GHSA-p9m7-9qv4-x93w", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-43708", datePublished: "2022-11-21T00:00:00", dateReserved: "2022-10-24T00:00:00", dateUpdated: "2024-08-03T13:40:06.325Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-3759
Vulnerability from cvelistv5
Published
2011-09-23 23:00
Modified
2024-09-17 00:55
Severity ?
EPSS score ?
Summary
MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and certain other files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-list, x_refsource_MLIST | |
| http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README | x_refsource_MISC | |
| http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mybb-1.6 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:46:02.871Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/06/27/6", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mybb-1.6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and certain other files.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2011-09-23T23:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/06/27/6", }, { tags: [ "x_refsource_MISC", ], url: "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", }, { tags: [ "x_refsource_MISC", ], url: "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mybb-1.6", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-3759", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and certain other files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2011/06/27/6", }, { name: "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", refsource: "MISC", url: "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", }, { name: "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mybb-1.6", refsource: "MISC", url: "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mybb-1.6", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2011-3759", datePublished: "2011-09-23T23:00:00Z", dateReserved: "2011-09-23T00:00:00Z", dateUpdated: "2024-09-17T00:55:31.133Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-5132
Vulnerability from cvelistv5
Published
2012-08-30 22:00
Modified
2024-08-07 00:23
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX."
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71461 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/46951 | third-party-advisory, x_refsource_SECUNIA | |
| http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/50816 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/77326 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:23:40.249Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "mybb-username-xss(71461)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71461", }, { name: "46951", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/46951", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", }, { name: "50816", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/50816", }, { name: "77326", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/77326", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-10-08T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"usernames via AJAX.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "mybb-username-xss(71461)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71461", }, { name: "46951", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/46951", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", }, { name: "50816", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/50816", }, { name: "77326", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/77326", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-5132", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"usernames via AJAX.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "mybb-username-xss(71461)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71461", }, { name: "46951", refsource: "SECUNIA", url: "http://secunia.com/advisories/46951", }, { name: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", refsource: "CONFIRM", url: "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", }, { name: "50816", refsource: "BID", url: "http://www.securityfocus.com/bid/50816", }, { name: "77326", refsource: "OSVDB", url: "http://www.osvdb.org/77326", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2011-5132", datePublished: "2012-08-30T22:00:00", dateReserved: "2012-08-30T00:00:00", dateUpdated: "2024-08-07T00:23:40.249Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20225
Vulnerability from cvelistv5
Published
2020-01-02 14:02
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
MyBB before 1.8.22 allows an open redirect on login.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/ | x_refsource_MISC | |
| https://mybb.com/versions/1.8.22/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:39:09.790Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://mybb.com/versions/1.8.22/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB before 1.8.22 allows an open redirect on login.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-02T14:02:26", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/", }, { tags: [ "x_refsource_MISC", ], url: "https://mybb.com/versions/1.8.22/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20225", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB before 1.8.22 allows an open redirect on login.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/", refsource: "MISC", url: "https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/", }, { name: "https://mybb.com/versions/1.8.22/", refsource: "MISC", url: "https://mybb.com/versions/1.8.22/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20225", datePublished: "2020-01-02T14:02:26", dateReserved: "2020-01-02T00:00:00", dateUpdated: "2024-08-05T02:39:09.790Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9402
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94395 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:38.224Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-11T00:00:00", descriptions: [ { lang: "en", value: "SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9402", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "94395", refsource: "BID", url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9402", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:38.224Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-4625
Vulnerability from cvelistv5
Published
2010-12-30 20:00
Modified
2024-08-07 03:51
Severity ?
EPSS score ?
Summary
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/ | x_refsource_CONFIRM | |
| http://dev.mybboard.net/issues/809 | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2010/10/08/7 | mailing-list, x_refsource_MLIST | |
| http://openwall.com/lists/oss-security/2010/10/11/8 | mailing-list, x_refsource_MLIST | |
| http://openwall.com/lists/oss-security/2010/12/06/2 | mailing-list, x_refsource_MLIST | |
| http://community.mybb.com/thread-66255.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64517 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:51:17.744Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://dev.mybboard.net/issues/809", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://community.mybb.com/thread-66255.html", }, { name: "mybb-hidden-threads-info-disc(64517)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64517", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-04-13T00:00:00", descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://dev.mybboard.net/issues/809", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { tags: [ "x_refsource_MISC", ], url: "http://community.mybb.com/thread-66255.html", }, { name: "mybb-hidden-threads-info-disc(64517)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64517", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-4625", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", refsource: "CONFIRM", url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { name: "http://dev.mybboard.net/issues/809", refsource: "CONFIRM", url: "http://dev.mybboard.net/issues/809", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, { name: "http://community.mybb.com/thread-66255.html", refsource: "MISC", url: "http://community.mybb.com/thread-66255.html", }, { name: "mybb-hidden-threads-info-disc(64517)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64517", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-4625", datePublished: "2010-12-30T20:00:00", dateReserved: "2010-12-30T00:00:00", dateUpdated: "2024-08-07T03:51:17.744Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-1840
Vulnerability from cvelistv5
Published
2014-03-03 16:00
Modified
2024-08-06 09:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:50:11.072Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-02-02T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-03-03T15:57:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html", }, { tags: [ "x_refsource_MISC", ], url: "http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-1840", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html", }, { name: "http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/", refsource: "MISC", url: "http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-1840", datePublished: "2014-03-03T16:00:00", dateReserved: "2014-02-02T00:00:00", dateUpdated: "2024-08-06T09:50:11.072Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1000503
Vulnerability from cvelistv5
Published
2018-06-26 16:00
Modified
2024-08-05 12:40
Severity ?
EPSS score ?
Summary
MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html | x_refsource_MISC | |
| https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:40:47.100Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], dateAssigned: "2018-06-23T00:00:00", datePublic: "2018-06-26T00:00:00", descriptions: [ { lang: "en", value: "MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-26T15:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", DATE_ASSIGNED: "2018-06-23T11:22:33.003968", DATE_REQUESTED: "2018-04-07T06:38:39", ID: "CVE-2018-1000503", REQUESTER: "riley@mailo.com", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html", refsource: "MISC", url: "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html", }, { name: "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/", refsource: "MISC", url: "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-1000503", datePublished: "2018-06-26T16:00:00", dateReserved: "2018-04-07T00:00:00", dateUpdated: "2024-08-05T12:40:47.100Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27889
Vulnerability from cvelistv5
Published
2021-03-15 16:57
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mybb/mybb/security/advisories/GHSA-xhj7-3349-mqcm | x_refsource_MISC | |
| http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html | x_refsource_MISC | |
| https://blog.sonarsource.com/mybb-remote-code-execution-chain | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:17.199Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-xhj7-3349-mqcm", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.sonarsource.com/mybb-remote-code-execution-chain", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-20T18:15:33", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-xhj7-3349-mqcm", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.sonarsource.com/mybb-remote-code-execution-chain", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27889", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/mybb/mybb/security/advisories/GHSA-xhj7-3349-mqcm", refsource: "MISC", url: "https://github.com/mybb/mybb/security/advisories/GHSA-xhj7-3349-mqcm", }, { name: "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html", }, { name: "https://blog.sonarsource.com/mybb-remote-code-execution-chain", refsource: "MISC", url: "https://blog.sonarsource.com/mybb-remote-code-execution-chain", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-27889", datePublished: "2021-03-15T16:57:02", dateReserved: "2021-03-02T00:00:00", dateUpdated: "2024-08-03T21:33:17.199Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24734
Vulnerability from cvelistv5
Published
2022-03-09 21:25
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f | x_refsource_CONFIRM | |
| https://github.com/mybb/mybb/commit/92012b9831b330714b9f9b4646a98784113489c1 | x_refsource_MISC | |
| https://mybb.com/versions/1.8.30/ | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-503/ | x_refsource_MISC | |
| http://packetstormsecurity.com/files/167082/MyBB-1.8.29-Remote-Code-Execution.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/167333/MyBB-Admin-Control-Remote-Code-Execution.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:20:49.808Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mybb/mybb/commit/92012b9831b330714b9f9b4646a98784113489c1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://mybb.com/versions/1.8.30/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-503/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/167082/MyBB-1.8.29-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/167333/MyBB-Admin-Control-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "mybb", vendor: "mybb", versions: [ { status: "affected", version: ">= 1.2.0, < 1.8.30", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94: Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-31T18:06:18", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/mybb/mybb/commit/92012b9831b330714b9f9b4646a98784113489c1", }, { tags: [ "x_refsource_MISC", ], url: "https://mybb.com/versions/1.8.30/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-503/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/167082/MyBB-1.8.29-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/167333/MyBB-Admin-Control-Remote-Code-Execution.html", }, ], source: { advisory: "GHSA-876v-gwgh-w57f", discovery: "UNKNOWN", }, title: "Remote code execution in mybb", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-24734", STATE: "PUBLIC", TITLE: "Remote code execution in mybb", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "mybb", version: { version_data: [ { version_value: ">= 1.2.0, < 1.8.30", }, ], }, }, ], }, vendor_name: "mybb", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-94: Improper Control of Generation of Code ('Code Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f", refsource: "CONFIRM", url: "https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f", }, { name: "https://github.com/mybb/mybb/commit/92012b9831b330714b9f9b4646a98784113489c1", refsource: "MISC", url: "https://github.com/mybb/mybb/commit/92012b9831b330714b9f9b4646a98784113489c1", }, { name: "https://mybb.com/versions/1.8.30/", refsource: "MISC", url: "https://mybb.com/versions/1.8.30/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-503/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-503/", }, { name: "http://packetstormsecurity.com/files/167082/MyBB-1.8.29-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/167082/MyBB-1.8.29-Remote-Code-Execution.html", }, { name: "http://packetstormsecurity.com/files/167333/MyBB-Admin-Control-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/167333/MyBB-Admin-Control-Remote-Code-Execution.html", }, ], }, source: { advisory: "GHSA-876v-gwgh-w57f", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-24734", datePublished: "2022-03-09T21:25:08", dateReserved: "2022-02-10T00:00:00", dateUpdated: "2024-08-03T04:20:49.808Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9412
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94395 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:37.943Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-11T00:00:00", descriptions: [ { lang: "en", value: "MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "94395", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9412", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "94395", refsource: "BID", url: "http://www.securityfocus.com/bid/94395", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9412", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:37.943Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46251
Vulnerability from cvelistv5
Published
2023-11-06 17:41
Modified
2024-09-04 19:32
Severity ?
EPSS score ?
Summary
MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The impact is be mitigated when: 1. the visual editor is disabled globally (_Admin CP → Configuration → Settings → Clickable Smilies and BB Code: [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_ is set to _Off_), or 2. the visual editor is disabled for individual user accounts (_User CP → Your Profile → Edit Options_: _Show the MyCode formatting options on the posting pages_ checkbox is not checked). MyBB 1.8.37 resolves this issue with the commit `6dcaf0b4d`. Users are advised to upgrade. Users unable to upgrade may mitigate the impact without upgrading MyBB by changing the following setting (_Admin CP → Configuration → Settings_):
- _Clickable Smilies and BB Code → [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_: _Off_. Similarly, individual MyBB forum users are able to disable the visual editor by diabling the account option (_User CP → Your Profile → Edit Options_) _Show the MyCode formatting options on the posting pages_.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mybb/mybb/security/advisories/GHSA-wj33-q7vj-9fr8 | x_refsource_CONFIRM | |
| https://github.com/mybb/mybb/commit/6dcaf0b4db6254f1833fe8dae295d9ddc2219276 | x_refsource_MISC | |
| https://mybb.com/versions/1.8.37/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:37:40.233Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/mybb/mybb/security/advisories/GHSA-wj33-q7vj-9fr8", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-wj33-q7vj-9fr8", }, { name: "https://github.com/mybb/mybb/commit/6dcaf0b4db6254f1833fe8dae295d9ddc2219276", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mybb/mybb/commit/6dcaf0b4db6254f1833fe8dae295d9ddc2219276", }, { name: "https://mybb.com/versions/1.8.37/", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://mybb.com/versions/1.8.37/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mybb", vendor: "mybb", versions: [ { lessThan: "1.8.37", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-46251", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-04T19:26:53.568111Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-04T19:32:41.984Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "mybb", vendor: "mybb", versions: [ { status: "affected", version: "< 1.8.37", }, ], }, ], descriptions: [ { lang: "en", value: " MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The impact is be mitigated when: 1. the visual editor is disabled globally (_Admin CP → Configuration → Settings → Clickable Smilies and BB Code: [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_ is set to _Off_), or 2. the visual editor is disabled for individual user accounts (_User CP → Your Profile → Edit Options_: _Show the MyCode formatting options on the posting pages_ checkbox is not checked). MyBB 1.8.37 resolves this issue with the commit `6dcaf0b4d`. Users are advised to upgrade. Users unable to upgrade may mitigate the impact without upgrading MyBB by changing the following setting (_Admin CP → Configuration → Settings_):\n- _Clickable Smilies and BB Code → [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_: _Off_. Similarly, individual MyBB forum users are able to disable the visual editor by diabling the account option (_User CP → Your Profile → Edit Options_) _Show the MyCode formatting options on the posting pages_.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-06T17:41:30.378Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/mybb/mybb/security/advisories/GHSA-wj33-q7vj-9fr8", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-wj33-q7vj-9fr8", }, { name: "https://github.com/mybb/mybb/commit/6dcaf0b4db6254f1833fe8dae295d9ddc2219276", tags: [ "x_refsource_MISC", ], url: "https://github.com/mybb/mybb/commit/6dcaf0b4db6254f1833fe8dae295d9ddc2219276", }, { name: "https://mybb.com/versions/1.8.37/", tags: [ "x_refsource_MISC", ], url: "https://mybb.com/versions/1.8.37/", }, ], source: { advisory: "GHSA-wj33-q7vj-9fr8", discovery: "UNKNOWN", }, title: "Visual editor persistent Cross-site Scripting (XSS) in MyBB", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-46251", datePublished: "2023-11-06T17:41:30.378Z", dateReserved: "2023-10-19T20:34:00.948Z", dateUpdated: "2024-09-04T19:32:41.984Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15139
Vulnerability from cvelistv5
Published
2020-08-10 21:35
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. After upgrading MyBB to 1.8.24, make sure to update the version attribute in the `codebuttons` template for non-default themes to serve the latest version of the patched `jscripts/bbcodes_sceditor.js` file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mybb/mybb/security/advisories/GHSA-37h7-vfv6-f8rj | x_refsource_CONFIRM | |
| https://github.com/mybb/mybb/commit/37ad29dcd25489a37bdd89ebac761f22492558b0 | x_refsource_MISC | |
| https://mybb.com/versions/1.8.24/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:08:22.286Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-37h7-vfv6-f8rj", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mybb/mybb/commit/37ad29dcd25489a37bdd89ebac761f22492558b0", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://mybb.com/versions/1.8.24/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MyBB", vendor: "MyBB", versions: [ { status: "affected", version: "< 1.8.24", }, ], }, ], descriptions: [ { lang: "en", value: "In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. After upgrading MyBB to 1.8.24, make sure to update the version attribute in the `codebuttons` template for non-default themes to serve the latest version of the patched `jscripts/bbcodes_sceditor.js` file.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-08-10T21:35:13", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-37h7-vfv6-f8rj", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/mybb/mybb/commit/37ad29dcd25489a37bdd89ebac761f22492558b0", }, { tags: [ "x_refsource_MISC", ], url: "https://mybb.com/versions/1.8.24/", }, ], source: { advisory: "GHSA-37h7-vfv6-f8rj", discovery: "UNKNOWN", }, title: "XSS in MyBB", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2020-15139", STATE: "PUBLIC", TITLE: "XSS in MyBB", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MyBB", version: { version_data: [ { version_value: "< 1.8.24", }, ], }, }, ], }, vendor_name: "MyBB", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. After upgrading MyBB to 1.8.24, make sure to update the version attribute in the `codebuttons` template for non-default themes to serve the latest version of the patched `jscripts/bbcodes_sceditor.js` file.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/mybb/mybb/security/advisories/GHSA-37h7-vfv6-f8rj", refsource: "CONFIRM", url: "https://github.com/mybb/mybb/security/advisories/GHSA-37h7-vfv6-f8rj", }, { name: "https://github.com/mybb/mybb/commit/37ad29dcd25489a37bdd89ebac761f22492558b0", refsource: "MISC", url: "https://github.com/mybb/mybb/commit/37ad29dcd25489a37bdd89ebac761f22492558b0", }, { name: "https://mybb.com/versions/1.8.24/", refsource: "MISC", url: "https://mybb.com/versions/1.8.24/", }, ], }, source: { advisory: "GHSA-37h7-vfv6-f8rj", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2020-15139", datePublished: "2020-08-10T21:35:13", dateReserved: "2020-06-25T00:00:00", dateUpdated: "2024-08-04T13:08:22.286Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-16781
Vulnerability from cvelistv5
Published
2017-11-10 23:00
Modified
2024-08-05 20:35
Severity ?
EPSS score ?
Summary
The installer in MyBB before 1.8.13 has XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/ | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/43137/ | exploit, x_refsource_EXPLOIT-DB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:35:21.217Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/", }, { name: "43137", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/43137/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-11-10T00:00:00", descriptions: [ { lang: "en", value: "The installer in MyBB before 1.8.13 has XSS.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-11-20T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/", }, { name: "43137", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/43137/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-16781", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The installer in MyBB before 1.8.13 has XSS.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/", }, { name: "43137", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/43137/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-16781", datePublished: "2017-11-10T23:00:00", dateReserved: "2017-11-10T00:00:00", dateUpdated: "2024-08-05T20:35:21.217Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27279
Vulnerability from cvelistv5
Published
2021-02-22 19:04
Modified
2024-08-03 20:48
Severity ?
EPSS score ?
Summary
MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).
References
| ▼ | URL | Tags |
|---|---|---|
| https://mybb.com/versions/1.8.25/ | x_refsource_MISC | |
| https://github.com/mybb/mybb/security/advisories/GHSA-6483-hcpp-p75w | x_refsource_CONFIRM | |
| https://github.com/mybb/mybb/commit/cb781b49116bf5c4d8deca3e17498122b701677a | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:48:16.072Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://mybb.com/versions/1.8.25/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-6483-hcpp-p75w", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/mybb/mybb/commit/cb781b49116bf5c4d8deca3e17498122b701677a", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-22T19:04:20", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://mybb.com/versions/1.8.25/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-6483-hcpp-p75w", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/mybb/mybb/commit/cb781b49116bf5c4d8deca3e17498122b701677a", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27279", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://mybb.com/versions/1.8.25/", refsource: "MISC", url: "https://mybb.com/versions/1.8.25/", }, { name: "https://github.com/mybb/mybb/security/advisories/GHSA-6483-hcpp-p75w", refsource: "CONFIRM", url: "https://github.com/mybb/mybb/security/advisories/GHSA-6483-hcpp-p75w", }, { name: "https://github.com/mybb/mybb/commit/cb781b49116bf5c4d8deca3e17498122b701677a", refsource: "CONFIRM", url: "https://github.com/mybb/mybb/commit/cb781b49116bf5c4d8deca3e17498122b701677a", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-27279", datePublished: "2021-02-22T19:04:20", dateReserved: "2021-02-16T00:00:00", dateUpdated: "2024-08-03T20:48:16.072Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-17128
Vulnerability from cvelistv5
Published
2018-09-17 04:00
Modified
2024-08-05 10:39
Severity ?
EPSS score ?
Summary
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/ | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/45449/ | exploit, x_refsource_EXPLOIT-DB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:39:59.703Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/", }, { name: "45449", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/45449/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-09-16T00:00:00", descriptions: [ { lang: "en", value: "A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-09-26T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/", }, { name: "45449", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/45449/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-17128", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/", refsource: "MISC", url: "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/", }, { name: "45449", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/45449/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-17128", datePublished: "2018-09-17T04:00:00", dateReserved: "2018-09-16T00:00:00", dateUpdated: "2024-08-05T10:39:59.703Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12830
Vulnerability from cvelistv5
Published
2019-06-15 17:04
Modified
2024-08-04 23:32
Severity ?
EPSS score ?
Summary
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/ | x_refsource_MISC | |
| https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:32:55.480Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-15T17:04:50", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12830", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/", refsource: "MISC", url: "https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/", }, { name: "https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/", refsource: "MISC", url: "https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12830", datePublished: "2019-06-15T17:04:50", dateReserved: "2019-06-15T00:00:00", dateUpdated: "2024-08-04T23:32:55.480Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3826
Vulnerability from cvelistv5
Published
2020-02-11 18:48
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module.
References
| ▼ | URL | Tags |
|---|---|---|
| http://adamziaja.com/poc/201312-xss-mybb.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:57:17.832Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://adamziaja.com/poc/201312-xss-mybb.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-11T18:48:04", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://adamziaja.com/poc/201312-xss-mybb.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-3826", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://adamziaja.com/poc/201312-xss-mybb.html", refsource: "MISC", url: "http://adamziaja.com/poc/201312-xss-mybb.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-3826", datePublished: "2020-02-11T18:48:04", dateReserved: "2014-05-22T00:00:00", dateUpdated: "2024-08-06T10:57:17.832Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9421
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/94396 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:38.427Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94396", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-17T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94396", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9421", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", refsource: "BID", url: "http://www.securityfocus.com/bid/94396", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9421", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:38.427Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-19048
Vulnerability from cvelistv5
Published
2021-08-31 13:16
Modified
2024-08-04 14:08
Severity ?
EPSS score ?
Summary
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/joelister/bug/issues/1 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:08:30.702Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/joelister/bug/issues/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the \"Title\" field found in the \"Add New Forum\" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-31T13:16:34", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/joelister/bug/issues/1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-19048", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the \"Title\" field found in the \"Add New Forum\" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/joelister/bug/issues/1", refsource: "MISC", url: "https://github.com/joelister/bug/issues/1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-19048", datePublished: "2021-08-31T13:16:34", dateReserved: "2020-08-13T00:00:00", dateUpdated: "2024-08-04T14:08:30.702Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9416
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/94396 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:37.707Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94396", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-17T00:00:00", descriptions: [ { lang: "en", value: "SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94396", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9416", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, { name: "94396", refsource: "BID", url: "http://www.securityfocus.com/bid/94396", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9416", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T02:50:37.707Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3334
Vulnerability from cvelistv5
Published
2008-07-27 23:00
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/31216 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/30401 | vdb-entry, x_refsource_BID | |
| http://community.mybboard.net/thread-33865.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44034 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:37:27.076Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "31216", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31216", }, { name: "30401", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30401", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.mybboard.net/thread-33865.html", }, { name: "mybb-unspecified-xss(44034)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44034", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-07-21T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "31216", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31216", }, { name: "30401", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30401", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://community.mybboard.net/thread-33865.html", }, { name: "mybb-unspecified-xss(44034)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44034", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3334", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "31216", refsource: "SECUNIA", url: "http://secunia.com/advisories/31216", }, { name: "30401", refsource: "BID", url: "http://www.securityfocus.com/bid/30401", }, { name: "http://community.mybboard.net/thread-33865.html", refsource: "CONFIRM", url: "http://community.mybboard.net/thread-33865.html", }, { name: "mybb-unspecified-xss(44034)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44034", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3334", datePublished: "2008-07-27T23:00:00", dateReserved: "2008-07-27T00:00:00", dateUpdated: "2024-08-07T09:37:27.076Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-7566
Vulnerability from cvelistv5
Published
2017-04-06 16:00
Modified
2024-08-05 16:04
Severity ?
EPSS score ?
Summary
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97480 | vdb-entry, x_refsource_BID | |
| https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170407-0_MyBB_SSRF_vulnerability_v10.txt | x_refsource_MISC | |
| https://github.com/mybb/mybb/commit/f5de8fc2aad11e0d2583f585535ccfa2b46325db#diff-7fe6e55397c77ab9a0f5d57bc4cbe5b9R6781 | x_refsource_CONFIRM | |
| https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:04:12.021Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "97480", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97480", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170407-0_MyBB_SSRF_vulnerability_v10.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/mybb/mybb/commit/f5de8fc2aad11e0d2583f585535ccfa2b46325db#diff-7fe6e55397c77ab9a0f5d57bc4cbe5b9R6781", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-04-06T00:00:00", descriptions: [ { lang: "en", value: "MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-04-09T16:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "97480", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97480", }, { tags: [ "x_refsource_MISC", ], url: "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170407-0_MyBB_SSRF_vulnerability_v10.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/mybb/mybb/commit/f5de8fc2aad11e0d2583f585535ccfa2b46325db#diff-7fe6e55397c77ab9a0f5d57bc4cbe5b9R6781", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-7566", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "97480", refsource: "BID", url: "http://www.securityfocus.com/bid/97480", }, { name: "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170407-0_MyBB_SSRF_vulnerability_v10.txt", refsource: "MISC", url: "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170407-0_MyBB_SSRF_vulnerability_v10.txt", }, { name: "https://github.com/mybb/mybb/commit/f5de8fc2aad11e0d2583f585535ccfa2b46325db#diff-7fe6e55397c77ab9a0f5d57bc4cbe5b9R6781", refsource: "CONFIRM", url: "https://github.com/mybb/mybb/commit/f5de8fc2aad11e0d2583f585535ccfa2b46325db#diff-7fe6e55397c77ab9a0f5d57bc4cbe5b9R6781", }, { name: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-7566", datePublished: "2017-04-06T16:00:00", dateReserved: "2017-04-06T00:00:00", dateUpdated: "2024-08-05T16:04:12.021Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-4626
Vulnerability from cvelistv5
Published
2010-12-30 20:00
Modified
2024-08-07 03:51
Severity ?
EPSS score ?
Summary
The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://dev.mybboard.net/issues/843 | x_refsource_CONFIRM | |
| http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/ | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2010/10/08/7 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64516 | vdb-entry, x_refsource_XF | |
| http://dev.mybboard.net/projects/mybb/repository/revisions/4872 | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2010/10/11/8 | mailing-list, x_refsource_MLIST | |
| http://openwall.com/lists/oss-security/2010/12/06/2 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:51:17.916Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://dev.mybboard.net/issues/843", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "mybb-myrand-unauth-access(64516)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64516", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://dev.mybboard.net/projects/mybb/repository/revisions/4872", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-04-13T00:00:00", descriptions: [ { lang: "en", value: "The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://dev.mybboard.net/issues/843", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "mybb-myrand-unauth-access(64516)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64516", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://dev.mybboard.net/projects/mybb/repository/revisions/4872", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-4626", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://dev.mybboard.net/issues/843", refsource: "CONFIRM", url: "http://dev.mybboard.net/issues/843", }, { name: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", refsource: "CONFIRM", url: "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", }, { name: "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/10/08/7", }, { name: "mybb-myrand-unauth-access(64516)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/64516", }, { name: "http://dev.mybboard.net/projects/mybb/repository/revisions/4872", refsource: "CONFIRM", url: "http://dev.mybboard.net/projects/mybb/repository/revisions/4872", }, { name: "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/10/11/8", }, { name: "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2010/12/06/2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-4626", datePublished: "2010-12-30T20:00:00", dateReserved: "2010-12-30T00:00:00", dateUpdated: "2024-08-07T03:51:17.916Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-7288
Vulnerability from cvelistv5
Published
2014-01-10 16:00
Modified
2024-09-17 01:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547 | x_refsource_CONFIRM | |
| http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release | x_refsource_CONFIRM | |
| http://secunia.com/advisories/55945 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/64570 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/show/osvdb/101544 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:01:20.288Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release", }, { name: "55945", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/55945", }, { name: "64570", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/64570", }, { name: "101544", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/show/osvdb/101544", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-01-10T16:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release", }, { name: "55945", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/55945", }, { name: "64570", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/64570", }, { name: "101544", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/show/osvdb/101544", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-7288", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547", refsource: "CONFIRM", url: "https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547", }, { name: "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release", refsource: "CONFIRM", url: "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release", }, { name: "55945", refsource: "SECUNIA", url: "http://secunia.com/advisories/55945", }, { name: "64570", refsource: "BID", url: "http://www.securityfocus.com/bid/64570", }, { name: "101544", refsource: "OSVDB", url: "http://osvdb.org/show/osvdb/101544", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-7288", datePublished: "2014-01-10T16:00:00Z", dateReserved: "2014-01-10T00:00:00Z", dateUpdated: "2024-09-17T01:50:54.525Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8973
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 08:36
Severity ?
EPSS score ?
Summary
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94397 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/11/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/11/10/8 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:36:30.417Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { name: "94397", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94397", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-09-07T00:00:00", descriptions: [ { lang: "en", value: "xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-01T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { name: "94397", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94397", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8973", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", refsource: "CONFIRM", url: "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", }, { name: "94397", refsource: "BID", url: "http://www.securityfocus.com/bid/94397", }, { name: "[oss-security] 20161117 Re: CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/18/1", }, { name: "[oss-security] 20161110 CVE request: MyBB multiple vulnerabilities", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/10/8", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-8973", datePublished: "2017-01-31T22:00:00", dateReserved: "2016-11-17T00:00:00", dateUpdated: "2024-08-06T08:36:30.417Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27949
Vulnerability from cvelistv5
Published
2021-03-15 17:19
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mybb/mybb/security/advisories/GHSA-cmmr-39v8-8rx2 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:17.251Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-cmmr-39v8-8rx2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-15T17:19:11", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/mybb/mybb/security/advisories/GHSA-cmmr-39v8-8rx2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27949", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/mybb/mybb/security/advisories/GHSA-cmmr-39v8-8rx2", refsource: "MISC", url: "https://github.com/mybb/mybb/security/advisories/GHSA-cmmr-39v8-8rx2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-27949", datePublished: "2021-03-15T17:19:11", dateReserved: "2021-03-04T00:00:00", dateUpdated: "2024-08-03T21:33:17.251Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }