Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MyBB Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2008-0383 - Vulnerability Database
MyBB

MyBB Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2008-0383

High
Reference: CVE-2008-0383
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2008-0383
Title: MyBB Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action (2) rid parameter in an allreports action or (3) threads parameter in a do_multimovethreads action to (a) moderation.php or (4) gid parameter to (b) admin/usergroups.php.