CVE-2006-0218
https://notcve.org/view.php?id=CVE-2006-0218
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603. • http://community.mybboard.net/showthread.php?tid=5852 •
CVE-2005-4199
https://notcve.org/view.php?id=CVE-2005-4199
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php. • http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964 http://secunia.com/advisories/18000 http://securityreason.com/securityalert/246 http://securityreason.com/securityalert/294 http://securitytracker.com/id?1015407 http://www.osvdb.org/22156 http://www.osvdb.org/22157 http://www.osvdb.org/22158 http://www.securityfocus.com/archive/1/419067/100/0/threaded http://www.securityfocus.com/archive • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •