Description

SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.

Remediation

References

CVE-2012-5909

Related Vulnerabilities

WordPress Plugin Drug Search Cross-Site Scripting (1.0.0)

MySQL CVE-2013-1511 Vulnerability (CVE-2013-1511)

WordPress Plugin WordPress Download Manager Unspecified Vulnerability (3.1.18)

Oracle Database Server CVE-2010-0851 Vulnerability (CVE-2010-0851)

DataTables Prototype Pollution Vulnerability (CVE-2020-28458)

Severity

High

Classification

CVE-2012-5909 CWE-138

Tags

Missing Update Known Vulnerabilities