Description

Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Remediation

References

CVE-2007-2212

Related Vulnerabilities

WordPress Plugin Profiles 'bio-img.php' SQL Injection (2.0RC1)

MySQL CVE-2019-2801 Vulnerability (CVE-2019-2801)

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Cross-Site Scripting (4.7.4)

WordPress Plugin Wrapper Link Elementor Malicious Code (1.0.3)

WordPress Plugin WP-Live Chat by 3CX Information Disclosure (8.0.28)

Severity

High

Classification

CVE-2007-2212

Tags

Missing Update Known Vulnerabilities