Description
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.
References
https://github.com/mybb/mybb/security/advisories/GHSA-ggp5-454p-867v
PatchThird Party Advisory
Product
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.9 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-11-22T00:15:12.187
2 years agoLast modified
2022-11-22T15:12:26.443
2 years ago