CRITICAL🇬🇧 English

CVE-2016-9402

CVSS 9.8v3.0pub. 2017-01-31upd. 2026-05-13

SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mybb Merge System

    APP
    Mybb
    ≤ 1.8.6
  • Mybb

    APP
    Mybb
    ≤ 1.8.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2011-10018CRITICAL10.0PL ✓ten sam produkt

MyBB 1.6.4 — backdoor w pakiecie źródłowym umożliwiający RCE

CVE-2020-22612CRITICAL9.8ten sam produkt

Installer RCE on settings file write in MyBB before 1.8.22.

CVE-2017-16780CRITICAL9.8ten sam produkt

The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the config...

CVE-2016-9403CRITICAL9.8ten sam produkt

newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attac...

CVE-2015-8974CRITICAL10.0ten sam produkt

SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinB...