Design/Logic Flaw

MyBB aka MyBulletinBoard before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service resource consumption by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php...

MyBB 1.0.3 - Managegroup.php Cross-Site Scripting

MyBB 1.0.3 - Managegroup.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16692/info MyBB is prone to a cross-site scripting vulnerability.. This issue is due to a lack of proper sanitization of user-supplied input. An attacker may leverage this issue to have arbitrary script co...

MyBB 1.0.21.0.3 - Managegroup.php SQL Injection

MyBB 1.0.21.0.3 - Managegroup.php SQL Injection source: https://www.securityfocus.com/bid/16689/info MyBB is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation...

[myimei]MyBB1.0.3~managegroup.php~Multiple SqlInjection & XSS

ORIGINAL ADVISORY/ http://myimei.com/security/2006-02-10/mybb103managegroupphpmultiple-sqlinjection-xss.html Vendor Credit:http://community.mybboard.net/showthread.php?tid=6777 ——————-Summary—————- Software: MyBB Sowtware’s Web Site: http://www.mybboard.com Versions: 1.0.3 Class: Remote Status:...

MyBB 1.0.2/1.0.3 - 'Managegroup.php' SQL Injection

source: https://www.securityfocus.com/bid/16689/info MyBB is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the...