7.5

CVE-2006-3243

SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MybulletinboardMybulletinboard Version1.0.1
MybulletinboardMybulletinboard Version1.0.2
MybulletinboardMybulletinboard Version1.0.3
MybulletinboardMybulletinboard Version1.0.4
MybulletinboardMybulletinboard Version1.0_final
MybulletinboardMybulletinboard Version1.0_pr2
MybulletinboardMybulletinboard Version1.0_preview_release_2
MybulletinboardMybulletinboard Version1.00_rc1
MybulletinboardMybulletinboard Version1.00_rc2
MybulletinboardMybulletinboard Version1.0_rc2
MybulletinboardMybulletinboard Version1.00_rc3
MybulletinboardMybulletinboard Version1.0_rc4
MybulletinboardMybulletinboard Version1.00_rc4
MybulletinboardMybulletinboard Version1.00_rc4_security_patch
MybulletinboardMybulletinboard Version1.1.1
MybulletinboardMybulletinboard Version1.1.2
MybulletinboardMybulletinboard Version1.1.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.36% 0.68
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://community.mybboard.net/showthread.php?tid=9955
http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html
http://secunia.com/advisories/20795
Patch
Vendor Advisory
http://securityreason.com/securityalert/1147
http://www.securityfocus.com/archive/1/438209
http://www.vupen.com/english/advisories/2006/2511
https://exchange.xforce.ibmcloud.com/vulnerabilities/27410