
CVSS: 2.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php. • http://secunia.com/advisories/19865 http://securityreason.com/securityalert/808 http://www.osvdb.org/25074 http://www.osvdb.org/25075 http://www.securityfocus.com/archive/1/432229/100/0/threaded http://www.vupen.com/english/advisories/2006/1566 https://exchange.xforce.ibmcloud.com/vulnerabilities/26103 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5 | EPSS: 1% | CPEs: 8 | EXPL: 1

SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter. • https://www.exploit-db.com/exploits/27155 http://www.securityfocus.com/bid/16443 http://www.securityfocus.com/bid/16443/exploit •

CVSS: 5.8 | EPSS: 1% | CPEs: 1 | EXPL: 1

MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks. • https://www.exploit-db.com/exploits/27667 http://community.mybboard.net/showthread.php?tid=8232 http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html http://secunia.com/advisories/19668 http://www.osvdb.org/24710 http://www.osvdb.org/24711 http://www.securityfocus.com/archive/1/431061/30/5580/threaded http://www.vupen.com/english/advisories/2006/1381 https://exchange.xforce.ibmcloud.com/vulnerabilities/25865 •

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment. • http://community.mybboard.net/showthread.php?tid=8232 http://secunia.com/advisories/19668 http://www.vupen.com/english/advisories/2006/1381 https://exchange.xforce.ibmcloud.com/vulnerabilities/25864 •

CVSS: 5.1 | EPSS: 3% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue. • http://kapda.ir/advisory-305.html http://myimei.com/security/2006-03-12/mybb-110functions_postphpxss-attack.html http://secunia.com/advisories/19516 http://www.osvdb.org/24375 http://www.securityfocus.com/archive/1/430344/100/0/threaded http://www.securityfocus.com/bid/17413 https://exchange.xforce.ibmcloud.com/vulnerabilities/25615 •