CyberSec.Space Logo
CVEブラウザに戻る

CVE-2016-9402

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1130%
EPSS Percentile11.59th
Published2017年1月31日
Last Modified2026年5月13日

Vulnerability Description

SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected Platforms (CPE)

📦
Mybb

Merge System

<= 1.8.6
📦
Mybb

Mybb

<= 1.8.6

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2016/11/10/8
🔗 http://www.openwall.com/lists/oss-security/2016/11/18/1
🔗 http://www.securityfocus.com/bid/94395
🔗 https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/
🔗 http://www.openwall.com/lists/oss-security/2016/11/10/8
🔗 http://www.openwall.com/lists/oss-security/2016/11/18/1
🔗 http://www.securityfocus.com/bid/94395
🔗 https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/

関連する脆弱性情報

CVE-2015-897410.0

SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 ...

CVE-2018-128929.9

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due ...

CVE-2016-94039.8

newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspeci...

CVE-2016-94129.8

MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors ...