CVE-2008-0383
MyBB 1.2.10 - 'moderation.php' Multiple SQL Injections
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php.
Múltiples vulnerabilidades de inyección SQL en MyBB 1.2.10 y anteriores permite a moderadores remotos y administradores ejecutar comnandos SQL a través del parámetros (1)mergepost en una acción do_mergepostsm (2) parámetro rid en una acción allreports, o (3) parámetro threads en una acción do_multimovethreads en (a) moderation.php; o parámetro (4)gid en (b) admin/usergroups.php.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-01-16 First Exploit
- 2008-01-22 CVE Reserved
- 2008-01-22 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://community.mybboard.net/showthread.php?tid=27227 | X_refsource_confirm | |
| http://securityreason.com/securityalert/3558 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/486433/100/0/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39728 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39729 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/31034 | 2008-01-16 | |
| http://www.securityfocus.com/bid/27323 | 2024-08-07 | |
| http://www.waraxe.us/advisory-62.html | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/28509 | 2018-10-15 |