CVE-2010-5096

EPSS 7.19%
Veröffentlicht 13.08.2012 23:55:00
Zuletzt bearbeitet 26.09.2025 19:39:38
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php.  NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mybb ≫ Mybb Version <= 1.6.0

Mybb ≫ Mybb Version1.00

Mybb ≫ Mybb Version1.0 Updatebeta4

Mybb ≫ Mybb Version1.0 Updatepr1

Mybb ≫ Mybb Version1.0 Updatepr2

Mybb ≫ Mybb Version1.0 Updaterc1

Mybb ≫ Mybb Version1.0 Updaterc2

Mybb ≫ Mybb Version1.0 Updaterc3

Mybb ≫ Mybb Version1.0 Updaterc4

Mybb ≫ Mybb Version1.01

Mybb ≫ Mybb Version1.1.0

Mybb ≫ Mybb Version1.1.1

Mybb ≫ Mybb Version1.1.2

Mybb ≫ Mybb Version1.1.3

Mybb ≫ Mybb Version1.1.4

Mybb ≫ Mybb Version1.1.5

Mybb ≫ Mybb Version1.1.6

Mybb ≫ Mybb Version1.1.7

Mybb ≫ Mybb Version1.1.8

Mybb ≫ Mybb Version1.02

Mybb ≫ Mybb Version1.2

Mybb ≫ Mybb Version1.2.0

Mybb ≫ Mybb Version1.2.1

Mybb ≫ Mybb Version1.2.2

Mybb ≫ Mybb Version1.2.3

Mybb ≫ Mybb Version1.2.4

Mybb ≫ Mybb Version1.2.5

Mybb ≫ Mybb Version1.2.6

Mybb ≫ Mybb Version1.2.7

Mybb ≫ Mybb Version1.2.8

Mybb ≫ Mybb Version1.2.9

Mybb ≫ Mybb Version1.2.10

Mybb ≫ Mybb Version1.2.11

Mybb ≫ Mybb Version1.2.12

Mybb ≫ Mybb Version1.2.13

Mybb ≫ Mybb Version1.2.14

Mybb ≫ Mybb Version1.03

Mybb ≫ Mybb Version1.3 Updatepre-1.0

Mybb ≫ Mybb Version1.04

Mybb ≫ Mybb Version1.4.0

Mybb ≫ Mybb Version1.4.1

Mybb ≫ Mybb Version1.4.2

Mybb ≫ Mybb Version1.4.3

Mybb ≫ Mybb Version1.4.4

Mybb ≫ Mybb Version1.4.5

Mybb ≫ Mybb Version1.4.6

Mybb ≫ Mybb Version1.4.7

Mybb ≫ Mybb Version1.4.8

Mybb ≫ Mybb Version1.4.9

Mybb ≫ Mybb Version1.4.10

Mybb ≫ Mybb Version1.4.11

Mybb ≫ Mybb Version1.4.12

Mybb ≫ Mybb Version1.4.13

Mybb ≫ Mybb Version1.4.14

Mybb ≫ Mybb Version1.4.15

Mybb ≫ Mybb Version1.4.16

Mybb ≫ Mybb Version1.5.1

Mybb ≫ Mybb Version1.5.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.19%	0.907

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

http://dev.mybb.com/issues/1330

http://www.openwall.com/lists/oss-security/2012/03/23/4

http://www.openwall.com/lists/oss-security/2012/03/25/1

http://www.openwall.com/lists/oss-security/2012/05/08/3

http://www.openwall.com/lists/oss-security/2012/05/08/7

http://www.osvdb.org/70013

http://www.osvdb.org/70014

http://www.securityfocus.com/bid/45565

https://nvd.nist.gov/vuln/detail/CVE-2010-5096

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-5096

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-5096

EUVD