Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-27947)

Description

SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).

Remediation

References

Related Vulnerabilities

MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8289)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0792)

WordPress Plugin My Calendar Multiple Cross-Site Scripting Vulnerabilities (2.3.9)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1836)

Drupal Core 7.x Cross-Site Scripting (7.0 - 7.72)

Severity

High

Classification

CVE-2021-27947 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities