CVE-2012-2324

2012-08-1318:00:00

redhat

www.cve.org

mybb

sql injection

remote administrators

admin control panel

AI Score

8.4

Confidence

Low

EPSS

0.002

Percentile

52.1%

JSON

Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP).

References

blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/

www.openwall.com/lists/oss-security/2012/05/07/13

www.openwall.com/lists/oss-security/2012/05/07/14

www.securityfocus.com/bid/53417