Description

SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field.

Remediation

References

CVE-2008-3965

Related Vulnerabilities

WordPress Plugin Users Ultra Membership Arbitrary File Upload (1.5.58)

WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2)

WordPress Plugin Simple Download Monitor Multiple Cross-Site Request Forgery Vulnerabilities (3.9.8)

WordPress Plugin WP Symposium Multiple SQL Injection Vulnerabilities (12.09)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4401)

Severity

High

Classification

CVE-2008-3965 CWE-138

Tags

Missing Update Known Vulnerabilities