Description

SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Remediation

References

CVE-2016-9416

Related Vulnerabilities

WordPress Plugin WP Activity Log Security Bypass (4.0.1)

MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-0882)

WordPress Plugin Login rebuilder Cross-Site Request Forgery (1.1.3)

MySQL CVE-2018-2758 Vulnerability (CVE-2018-2758)

WordPress Plugin WordPress File Upload Directory Traversal (4.12.2)

Severity

Critical

Classification

CVE-2016-9416 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities