Description
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.
References
https://github.com/mybb/mybb/security/advisories/GHSA-ggp5-454p-867v
PatchThird Party Advisory
Product
https://github.com/mybb/mybb/security/advisories/GHSA-ggp5-454p-867v
PatchThird Party Advisory
Product
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.9 · Medium
Information
Source identifier
Vulnerability status
Modified
Published
2022-11-21T23:15:12.187Z
3 years agoLast modified
2025-04-29T12:15:22.290Z
10 months ago