4 matches found
Sql injection
The original distribution of MyBulletinBoard MyBB to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct 1 SQL injection attacks via an attachment name that is not properly handled by inc/functionsupload.php...
Sql injection
Multiple unspecified vulnerabilities in MyBulletinBoard MyBB before 1.0.2 have unspecified impact and attack vectors, related to 1 admin/moderate.php, 2 admin/themes.php, 3 inc/functions.php, 4 inc/functionsupload.php, 5 printthread.php, and 6 usercp.php, and probably related to SQL injection...
CVE-2005-4602
CVE-2005-4602 relates to MyBB before 1.0.1, where an SQL injection vulnerability exists in inc/functions_upload.php that can be exploited via the file extension of an uploaded attachment to execute arbitrary SQL. Evidence in connected records confirms this issue and links it to later notes that M...
CVE-2005-4602
SQL injection vulnerability in inc/functionupload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment...