Description

Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Remediation

References

CVE-2007-2212

Related Vulnerabilities

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-15252)

Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-23969)

GeoServer Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-24749)

Opencart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-11494)

WordPress Plugin AGP Font Awesome Collection Cross-Site Scripting (2.7.2)

Severity

High

Classification

CVE-2007-2212

Tags

Missing Update Known Vulnerabilities