Description

SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Remediation

References

CVE-2016-9416

Related Vulnerabilities

Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26271)

WordPress Plugin Google AdSense Click-Fraud Monitoring Cross-Site Scripting (1.8.6)

WordPress Plugin GigPress Multiple SQL Injection Vulnerabilities (2.3.8)

WordPress Plugin AccessPress Anonymous Post Pro Arbitrary File Upload (3.1.9)

Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-2512)

Severity

Critical

Classification

CVE-2016-9416 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities