CVE-2016-9416: SQL Injection
First published: Tue Jan 31 2017(Updated: )
SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MyBB | <=1.8.7 | |
| MyBB | <=1.8.7 | |
| <=1.8.7 | ||
| <=1.8.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-9416?
CVE-2016-9416 is classified as a high severity SQL injection vulnerability.
How do I fix CVE-2016-9416?
To fix CVE-2016-9416, upgrade MyBB to version 1.8.8 or later.
What software is affected by CVE-2016-9416?
CVE-2016-9416 affects MyBB versions before 1.8.8 and the MyBB Merge System before 1.8.8.
What type of vulnerability is CVE-2016-9416?
CVE-2016-9416 is an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands.
Are there known exploits for CVE-2016-9416?
Yes, there are known exploits that target CVE-2016-9416, taking advantage of the SQL injection flaw.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/mybb
- canonical/mybb
- version/mybb/1.8.7