Description

SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Remediation

References

CVE-2015-8974

Related Vulnerabilities

WordPress Plugin Related Posts by Zemanta Cross-Site Request Forgery (1.3.1)

Oracle Database Server CVE-2011-2231 Vulnerability (CVE-2011-2231)

Oracle Database Server CVE-2009-3410 Vulnerability (CVE-2009-3410)

Moodle Improper Input Validation Vulnerability (CVE-2020-1756)

IBM RTC Files or Directories Accessible to External Parties Vulnerability (CVE-2017-1602)

Severity

Critical

Classification

CVE-2015-8974 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities