Page 22 of 106 results (0.004 seconds)

CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php. • http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964 http://secunia.com/advisories/18000 http://securityreason.com/securityalert/246 http://securityreason.com/securityalert/294 http://securitytracker.com/id?1015407 http://www.osvdb.org/22156 http://www.osvdb.org/22157 http://www.osvdb.org/22158 http://www.securityfocus.com/archive/1/419067/100/0/threaded http://www.securityfocus.com/archive&#x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •