First published: Tue Dec 13 2005(Updated: )
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mybb Mybb | =1.0-rc2 | |
Mybb Mybb | =1.0-rc4 | |
Mybb Mybb | =1.0-rc3 | |
Mybb Mybb | <=1.0 | |
Mybb Mybb | =1.0-pr1 | |
Mybb Mybb | =1.0-rc1 | |
Mybb Mybb | =1.0-beta4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.