CRITICAL🇵🇱 Wersja polska

CVE-2015-8974

CVSS 10.0v3.0pub. 2017-01-31upd. 2026-05-13

SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Mybb Merge System

    APP
    Mybb
    ≤ 1.8.5
  • Mybb

    APP
    Mybb
    1.8.01.8.11.8.21.8.31.8.41.8.5≤ 1.6.17
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2011-10018CRITICAL10.0PL ✓ten sam produkt

MyBB 1.6.4 — backdoor w pakiecie źródłowym umożliwiający RCE

CVE-2020-22612CRITICAL9.8ten sam produkt

Installer RCE on settings file write in MyBB before 1.8.22.

CVE-2017-16780CRITICAL9.8ten sam produkt

The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the config...

CVE-2016-9403CRITICAL9.8ten sam produkt

newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attac...

CVE-2016-9402CRITICAL9.8ten sam produkt

SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge S...