Description
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress 5.7.x PHP Object Injection (5.7 - 5.7.1)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4284)
WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.22.8)
WordPress Plugin VK Gallery TimThumb Arbitrary File Upload (1.1.0)
WordPress Plugin Download Plugin Unspecified Vulnerability (1.6.1)