First published: Mon Nov 21 2022(Updated: )
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mybb Mybb | <1.8.32 | |
<1.8.32 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-43709 is a SQL injection vulnerability in MyBB 1.8.31 that allows remote authenticated users to modify the query string.
CVE-2022-43709 has a severity keyword of 'medium' and a severity value of 4.9.
To fix CVE-2022-43709, update MyBB to version 1.8.32 or newer.
You can find more information about CVE-2022-43709 on the GitHub advisory page (https://github.com/mybb/mybb/security/advisories/GHSA-ggp5-454p-867v) and the MyBB website (https://mybb.com).
CWE-89 refers to a SQL injection vulnerability, which is the type of vulnerability present in CVE-2022-43709.