
CVSS: 2.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php.

• http://secunia.com/advisories/19865
• http://securityreason.com/securityalert/808
• http://www.osvdb.org/25074
• http://www.osvdb.org/25075
• http://www.securityfocus.com/archive/1/432229/100/0/threaded
• http://www.vupen.com/english/advisories/2006/1566
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26103
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 1% • CPEs: 8 • EXPL: 1

SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter.

• https://www.exploit-db.com/exploits/27155
• http://www.securityfocus.com/bid/16443
• http://www.securityfocus.com/bid/16443/exploit

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment.

• http://community.mybboard.net/showthread.php?tid=8232
• http://secunia.com/advisories/19668
• http://www.vupen.com/english/advisories/2006/1381
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25864

CVSS: 5.8 • EPSS: 1% • CPEs: 1 • EXPL: 1

MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.

• https://www.exploit-db.com/exploits/27667
• http://community.mybboard.net/showthread.php?tid=8232
• http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html
• http://secunia.com/advisories/19668
• http://www.osvdb.org/24710
• http://www.osvdb.org/24711
• http://www.securityfocus.com/archive/1/431061/30/5580/threaded
• http://www.vupen.com/english/advisories/2006/1381
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25865

CVSS: 5.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username.

• http://secunia.com/advisories/19516
• http://www.securityfocus.com/archive/1/430464/100/0/threaded
• http://www.securityfocus.com/bid/17427
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25730