MyBB (aka MyBulletinBoard) 1.4.3

CPE Details

MyBB (aka MyBulletinBoard) 1.4.3
mybboard
mybb
1.4.3
2009-08-26
15h30 +00:00
2012-08-24
17h41 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:mybboard:mybb:1.4.3:*:*:*:*:*:*:*

Informations

Vendor

mybboard

Product

mybb

Version

1.4.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2010-5096 2012-08-13 23h00 +00:00 Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.
7.5
CVE-2008-7082 2009-08-25 08h00 +00:00 MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header.
6.8
CVE-2008-6198 2009-02-19 23h00 +00:00 SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the page parameter.
7.5