
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

15 Mar 2021 — SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count (issue 1 of 3). MyBB version 1.8.25 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/161918 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 5% • CPEs: 1 • EXPL: 4

15 Mar 2021 — SQL Injection vulnerability in MyBB before 1.8.26 via theme properties included in theme XML files. • https://packetstorm.news/files/id/161908 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 2% • CPEs: 1 • EXPL: 4

15 Mar 2021 — Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages. • https://packetstorm.news/files/id/161908 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Feb 2021 — MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode). • https://github.com/mybb/mybb/commit/cb781b49116bf5c4d8deca3e17498122b701677a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Aug 2020 — In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is ... • https://github.com/mybb/mybb/commit/37ad29dcd25489a37bdd89ebac761f22492558b0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Jan 2020 — MyBB before 1.8.22 allows an open redirect on login. • https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Jun 2019 — In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE. • https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release • CWE-20: Improper Input Validation

CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Jun 2019 — In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue. • https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')