Description

SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.

Remediation

References

CVE-2012-5909

Related Vulnerabilities

Apache Tomcat Other Vulnerability (CVE-2002-2009)

WordPress Plugin Contact Form 7 Style Cross-Site Request Forgery (3.2)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35478)

MySQL CVE-2012-0572 Vulnerability (CVE-2012-0572)

WordPress Plugin YITH WooCommerce Cart Messages Security Bypass (1.4.3)

Severity

High

Classification

CVE-2012-5909 CWE-138

Tags

Missing Update Known Vulnerabilities