Description

Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP).

Remediation

References

CVE-2012-2324

Related Vulnerabilities

Moodle Uncontrolled Recursion Vulnerability (CVE-2021-36395)

Internet Information Services Improper Input Validation Vulnerability (CVE-2000-0258)

Django Other Vulnerability (CVE-2009-3695)

TYPO3 Improper Input Validation Vulnerability (CVE-2020-15099)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5100)

Severity

High

Classification

CVE-2012-2324 CWE-138

Tags

Missing Update Known Vulnerabilities