Description

SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.

Remediation

References

CVE-2021-27890

Related Vulnerabilities

SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-17316)

WordPress Plugin WP-ViperGB Cross-Site Request Forgery (1.3.10)

MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-19709)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3727)

PostgreSQL Improper Input Validation Vulnerability (CVE-2012-3489)

Severity

High

Classification

CVE-2021-27890 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities