CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
71.2%
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn’t lead to an SQL injection, it does provide a general MyBB SQL error.
Vendor | Product | Version | CPE |
---|---|---|---|
mybb | mybb | * | cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:* |
mybb | mybb | 1.00 | cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:* |
mybb | mybb | 1.0 | cpe:2.3:a:mybb:mybb:1.0:beta4:*:*:*:*:*:* |
mybb | mybb | 1.0 | cpe:2.3:a:mybb:mybb:1.0:pr1:*:*:*:*:*:* |
mybb | mybb | 1.0 | cpe:2.3:a:mybb:mybb:1.0:pr2:*:*:*:*:*:* |
mybb | mybb | 1.0 | cpe:2.3:a:mybb:mybb:1.0:rc1:*:*:*:*:*:* |
mybb | mybb | 1.0 | cpe:2.3:a:mybb:mybb:1.0:rc2:*:*:*:*:*:* |
mybb | mybb | 1.0 | cpe:2.3:a:mybb:mybb:1.0:rc3:*:*:*:*:*:* |
mybb | mybb | 1.0 | cpe:2.3:a:mybb:mybb:1.0:rc4:*:*:*:*:*:* |
mybb | mybb | 1.01 | cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:* |