Mybb

Mybb

141 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.66%
  • Veröffentlicht 15.02.2008 01:00:00
  • Zuletzt bearbeitet 16.06.2026 22:50:21

Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moder...

Exploit
  • EPSS 1.49%
  • Veröffentlicht 22.01.2008 20:00:00
  • Zuletzt bearbeitet 16.06.2026 22:49:30

Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3...

Exploit
  • EPSS 1.62%
  • Veröffentlicht 14.05.2007 21:19:00
  • Zuletzt bearbeitet 16.06.2026 22:36:04

MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in t...

  • EPSS 0.91%
  • Veröffentlicht 24.04.2007 20:19:00
  • Zuletzt bearbeitet 16.06.2026 22:39:09

Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unkn...

  • EPSS 1.32%
  • Veröffentlicht 11.04.2007 10:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:39

SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a relat...

  • EPSS 0.95%
  • Veröffentlicht 11.04.2007 10:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:39

member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prin...

  • EPSS 0.94%
  • Veröffentlicht 31.01.2007 18:28:00
  • Zuletzt bearbeitet 16.06.2026 22:35:56

Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party in...

  • EPSS 1.11%
  • Veröffentlicht 29.01.2007 17:28:00
  • Zuletzt bearbeitet 16.06.2026 22:35:47

Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.

Exploit
  • EPSS 1.84%
  • Veröffentlicht 26.01.2006 22:03:00
  • Zuletzt bearbeitet 16.06.2026 22:20:36

Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig...

  • EPSS 1.2%
  • Veröffentlicht 16.01.2006 21:03:00
  • Zuletzt bearbeitet 16.06.2026 22:20:07

Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php,...