CVSS: 7.5EPSS: 78%CPEs: 1EXPL: 1CVE-2006-2908 – MyBulletinBoard (MyBB) < 1.1.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-2908
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier. • https://www.exploit-db.com/exploits/1909 http://secunia.com/advisories/20371 http://secunia.com/secunia_research/2006-40/advisory http://securityreason.com/securityalert/1086 http://securitytracker.com/id?1016270 http://www.514.es/download/mybibi.pl http://www.osvdb.org/26216 http://www.securityfocus.com/archive/1/436767/100/0/threaded http://www.securityfocus.com/archive/1/437509/100/100/threaded http://www.securityfocus.com/bid/18396 http://www.vupen.com/english/ •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2006-2949
https://notcve.org/view.php?id=CVE-2006-2949
Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter. • http://secunia.com/advisories/20492 http://www.securityfocus.com/archive/1/436286/100/0/threaded http://www.securityfocus.com/bid/18297 http://www.vupen.com/english/advisories/2006/2190 https://exchange.xforce.ibmcloud.com/vulnerabilities/26994 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2589
https://notcve.org/view.php?id=CVE-2006-2589
SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code. • http://securityreason.com/securityalert/952 http://www.securityfocus.com/archive/1/434728/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/28520 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2006-2333
https://notcve.org/view.php?id=CVE-2006-2333
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php. • http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html http://securityreason.com/securityalert/885 http://www.securityfocus.com/archive/1/433231/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26545 •
CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 1CVE-2006-2336 – MyBB 1.1.1 - 'showthread.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2336
SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. • https://www.exploit-db.com/exploits/27843 http://securityreason.com/securityalert/884 http://www.osvdb.org/25674 http://www.securityfocus.com/archive/1/433564/100/0/threaded http://www.securityfocus.com/bid/17904 https://exchange.xforce.ibmcloud.com/vulnerabilities/26376 •