CyberSec.Space Logo
Back to CVE Browser

CVE-2016-9402

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1130%
EPSS Percentile11.59th
PublishedJan 31, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected Platforms (CPE)

πŸ“¦
Mybb

Merge System

<= 1.8.6
πŸ“¦
Mybb

Mybb

<= 1.8.6

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2016/11/10/8
πŸ”— http://www.openwall.com/lists/oss-security/2016/11/18/1
πŸ”— http://www.securityfocus.com/bid/94395
πŸ”— https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/
πŸ”— http://www.openwall.com/lists/oss-security/2016/11/10/8
πŸ”— http://www.openwall.com/lists/oss-security/2016/11/18/1
πŸ”— http://www.securityfocus.com/bid/94395
πŸ”— https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/

Related Vulnerabilities

CVE-2015-897410.0

SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 ...

CVE-2018-128929.9

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due ...

CVE-2016-94039.8

newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspeci...

CVE-2016-94129.8

MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors ...