CyberSec.Space Logo
Back to CVE Browser

CVE-2015-8974

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile7.85th
PublishedJan 31, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected Platforms (CPE)

πŸ“¦
Mybb

Merge System

<= 1.8.5
πŸ“¦
Mybb

Mybb

<= 1.6.17
πŸ“¦
Mybb

Mybb

= 1.8.0
πŸ“¦
Mybb

Mybb

= 1.8.1
πŸ“¦
Mybb

Mybb

= 1.8.2
πŸ“¦
Mybb

Mybb

= 1.8.3
πŸ“¦
Mybb

Mybb

= 1.8.4
πŸ“¦
Mybb

Mybb

= 1.8.5

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2016/11/10/8
πŸ”— http://www.openwall.com/lists/oss-security/2016/11/18/1
πŸ”— http://www.securityfocus.com/bid/94397
πŸ”— https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/
πŸ”— http://www.openwall.com/lists/oss-security/2016/11/10/8
πŸ”— http://www.openwall.com/lists/oss-security/2016/11/18/1
πŸ”— http://www.securityfocus.com/bid/94397
πŸ”— https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/

Related Vulnerabilities

CVE-2018-128929.9

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due ...

CVE-2016-94039.8

newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspeci...

CVE-2016-94029.8

SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 m...

CVE-2016-94129.8

MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors ...