Описание
SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00349
Низкий
2.1 Low
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
почти 4 года назад
SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php.
EPSS
Процентиль: 57%
0.00349
Низкий
2.1 Low
CVSS2
Дефекты
CWE-89