Vulnerabilities (CVE)

Filtered by vendor Mybulletinboard Subscribe
Total 63 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0382 1 Mybulletinboard 1 Mybulletinboard 2025-04-09 7.5 HIGH N/A
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
CVE-2007-2211 1 Mybulletinboard 1 Mybulletinboard 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.
CVE-2007-1963 2 Mybb, Mybulletinboard 2 Mybb, Mybulletinboard 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
CVE-2008-0787 1 Mybulletinboard 1 Mybulletinboard 2025-04-09 6.5 MEDIUM N/A
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
CVE-2007-1964 2 Mybb, Mybulletinboard 2 Mybb, Mybulletinboard 2025-04-09 6.0 MEDIUM N/A
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
CVE-2009-2230 1 Mybulletinboard 1 Mybulletinboard 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
CVE-2006-4706 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761.
CVE-2006-4449 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 5.1 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer.
CVE-2005-2888 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php.
CVE-2006-0770 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1272 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field.
CVE-2006-0639 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E.
CVE-2006-3760 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-4707 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).
CVE-2005-2580 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php.
CVE-2006-1911 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment.
CVE-2006-3759 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 5.0 MEDIUM N/A
Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to "user group manipulation."
CVE-2005-3326 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter.
CVE-2006-2336 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 6.4 MEDIUM N/A
SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter.
CVE-2006-3954 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 5.0 MEDIUM N/A
Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.