Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MyBB Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2015-8974 - Vulnerability Database
MyBB

MyBB Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2015-8974

Critical
Reference: CVE-2015-8974
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-8974
Title: MyBB Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.