CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2015-8974

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile7.85th
Published2017年1月31日
Last Modified2026年5月13日

Vulnerability Description

SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected Platforms (CPE)

📦
Mybb

Merge System

<= 1.8.5
📦
Mybb

Mybb

<= 1.6.17
📦
Mybb

Mybb

= 1.8.0
📦
Mybb

Mybb

= 1.8.1
📦
Mybb

Mybb

= 1.8.2
📦
Mybb

Mybb

= 1.8.3
📦
Mybb

Mybb

= 1.8.4
📦
Mybb

Mybb

= 1.8.5

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2016/11/10/8
🔗 http://www.openwall.com/lists/oss-security/2016/11/18/1
🔗 http://www.securityfocus.com/bid/94397
🔗 https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/
🔗 http://www.openwall.com/lists/oss-security/2016/11/10/8
🔗 http://www.openwall.com/lists/oss-security/2016/11/18/1
🔗 http://www.securityfocus.com/bid/94397
🔗 https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/

相關漏洞威脅

CVE-2018-128929.9

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due ...

CVE-2016-94039.8

newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspeci...

CVE-2016-94029.8

SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 m...

CVE-2016-94129.8

MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors ...