Description
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php.
Remediation
References
Related Vulnerabilities
MySQL CVE-2014-6551 Vulnerability (CVE-2014-6551)
Oracle JRE CVE-2013-1500 Vulnerability (CVE-2013-1500)
WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.4)
WordPress Plugin We�re Open! Cross-Site Scripting (1.41)
WordPress Plugin ShareThis Dashboard for Google Analytics Cross-Site Scripting (2.5.1)