Description SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files. Remediation References CVE-2021-27890 Related Vulnerabilities Nexus Repository Manager Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-27907) WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5278) WordPress Plugin AceIDE Local File Inclusion (2.6.2) IBMHttpServer CVE-2012-5955 Vulnerability (CVE-2012-5955) WordPress Plugin Logo Showcase with Slick Slider-Logo Carousel, Logo Slider & Logo Grid Cross-Site Request Forgery (2.0) Severity High Classification CVE-2021-27890 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities