CVE-2012-5909

The CVE covers a SQL injection in MyBB (MyBulletinBoard) 1.6.6. Affected component: admin/modules/user/users.php; root cause: unsafely constructed SQL via the conditions[usergroup][] parameter in a search action to admin/index.php. Impact is partial confidentiality/integrity/availability as per C...