CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2006-0218
https://notcve.org/view.php?id=CVE-2006-0218
16 Jan 2006 — Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one ... • http://community.mybboard.net/showthread.php?tid=5852 •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2005-4199
https://notcve.org/view.php?id=CVE-2005-4199
13 Dec 2005 — Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php. • http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •