Mybb Security Vulnerabilities and Issues — Mybb CVE List

Lucene search

MybbMybb

7 matches found

CVE•added 2017/11/10 11:29 p.m.•47 views

CVE-2017-16780

The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.

9.8CVSS9.7AI score0.01922EPSS

Web

CVE•added 2023/09/01 4:15 p.m.•45 views

CVE-2020-22612

Installer RCE on settings file write in MyBB before 1.8.22.

9.8CVSS9.4AI score0.00088EPSS

CVE•added 2017/01/31 10:59 p.m.•40 views

CVE-2016-9402

SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

9.8CVSS9.9AI score0.03692EPSS

CVE•added 2017/01/31 10:59 p.m.•36 views

CVE-2016-9420

MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to "loose comparison false positives."

9.8CVSS9.4AI score0.05329EPSS

CVE•added 2017/01/31 10:59 p.m.•33 views

CVE-2016-9403

newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check.

9.8CVSS9.6AI score0.05329EPSS

CVE•added 2017/01/31 10:59 p.m.•33 views

CVE-2016-9412

MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy.

9.8CVSS9.5AI score0.02853EPSS

CVE•added 2017/01/31 10:59 p.m.•30 views

CVE-2016-9416

SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

9.8CVSS9.8AI score0.03692EPSS