Description

MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.

Related CPE's

a

mybb

mybb

Vulnerable

References

https://github.com/mybb/mybb/security/advisories/GHSA-ggp5-454p-867v

PatchThird Party Advisory

https://mybb.com

Product

Weaknesses

[email protected]

Primary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

4.9 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-11-22T00:15:12.187

2 years ago

Last modified

2022-11-22T15:12:26.443

2 years ago