CVE-2015-8974

Опубликовано: 31 янв. 2017

Источник: nvd

CVSS3: 10

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Ссылки

http://www.openwall.com/lists/oss-security/2016/11/10/8
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/11/18/1
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/94397
Third Party Advisory
VDB Entry
https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/
Release Notes
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/11/10/8
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/11/18/1
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/94397
Third Party Advisory
VDB Entry
https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*

Версия до 1.8.5 (включая)

cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*

Версия до 1.6.17 (включая)

cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*

cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:mybb:mybb:1.8.2:*:*:*:*:*:*:*

cpe:2.3:a:mybb:mybb:1.8.3:*:*:*:*:*:*:*

cpe:2.3:a:mybb:mybb:1.8.4:*:*:*:*:*:*:*

cpe:2.3:a:mybb:mybb:1.8.5:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03692

Низкий

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-9wjc-jp2f-45cq