Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-27890)

Description

SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.

Remediation

References

Related Vulnerabilities

WordPress Plugin Blaze Slideshow 'upload.php' Arbitrary File Upload (2.4)

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-29710)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-41224)

PHP Improper Input Validation Vulnerability (CVE-2014-3487)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Privilege Escalation (3.7.1.4)

Severity

High

Classification

CVE-2021-27890 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities