Description

SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action.

Remediation

References

CVE-2014-9240

Related Vulnerabilities

WordPress Plugin Google AdSense Click-Fraud Monitoring Cross-Site Scripting (1.8.6)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6608)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2039)

Drupal Incorrect Authorization Vulnerability (CVE-2011-2726)

WordPress Plugin SEO SearchTerms Tagging 2 Multiple Vulnerabilities (1.535)

Severity

High

Classification

CVE-2014-9240 CWE-138

Tags

Missing Update Known Vulnerabilities