CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2007-0689
https://notcve.org/view.php?id=CVE-2007-0689
MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message. MyBB 1.2.4 permite a atacantes remotos obtener información sensible a través del parámetro (1) action[] en member.php, el parámetro (2)imagehash[] en captcha.php, and (3) una respuesta directa en inc/datahandlers/event.php, el cual revela la ruta de instalación en el mensaje de error resultado. • http://marc.info/?l=full-disclosure&m=117909973216181&w=2 http://osvdb.org/35548 http://osvdb.org/35549 http://www.netvigilance.com/advisory0017 http://www.osvdb.org/34155 http://www.securityfocus.com/archive/1/468549/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/34336 •
CVSS: 7.5EPSS: 6%CPEs: 2EXPL: 1CVE-2007-1963 – MyBulletinBoard (MyBB) 1.2.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-1963
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775. Vulnerabilidad de inyección SQL en la función create_session en class_session.php de MyBB (también conocido como MyBulletinBoard) 1.2.3 y anteriores permite a atacantes remotos ejecutar comandos sql de su elección mediante la cabecera HTTP Client-IP, como ha sido utilizado por index.php, un asunto relacionado con CVE-2006-3775. • https://www.exploit-db.com/exploits/3653 http://community.mybboard.net/attachment.php?aid=5842 http://community.mybboard.net/showthread.php?tid=18002 http://osvdb.org/34657 http://secunia.com/advisories/24689 http://www.securityfocus.com/archive/1/464563/100/0/threaded http://www.vupen.com/english/advisories/2007/1244 •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2006-0218
https://notcve.org/view.php?id=CVE-2006-0218
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603. • http://community.mybboard.net/showthread.php?tid=5852 •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2005-4199
https://notcve.org/view.php?id=CVE-2005-4199
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php. • http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964 http://secunia.com/advisories/18000 http://securityreason.com/securityalert/246 http://securityreason.com/securityalert/294 http://securitytracker.com/id?1015407 http://www.osvdb.org/22156 http://www.osvdb.org/22157 http://www.osvdb.org/22158 http://www.securityfocus.com/archive/1/419067/100/0/threaded http://www.securityfocus.com/archive&#x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •