Description
** DISPUTED ** Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error."