Description

MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.

Remediation

References

CVE-2022-43709

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2005-3451)

WordPress Plugin Slideshow Gallery 2 'border' Parameter Cross-Site Scripting (1.1.4)

Moodle Other Vulnerability (CVE-2007-1429)

PrestaShop Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-21302)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-30154)

Severity

Medium

Classification

CVE-2022-43709 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities