Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mybb vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2021-27946
SQL Injection vulnerability in MyBB prior to 1.8.26 via poll vote count. (issue 1 of 3).
Mybb Mybb
NA
CVE-2022-45867
MyBB prior to 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution.
Mybb Mybb
NA
CVE-2022-39265
MyBB is a free and open source forum software. The _Mail Settings_ ? Additional Parameters for PHP's mail() function mail_parameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remot...
Mybb Mybb
312
VMScore
CVE-2019-12830
In MyBB prior to 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.
Mybb Mybb
356
VMScore
CVE-2017-7566
MyBB prior to 1.8.11 allows remote malicious users to bypass an SSRF protection mechanism.
Mybb Mybb
445
VMScore
CVE-2017-8104
In MyBB prior to 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
Mybb Mybb
NA
CVE-2023-46251
MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the vi...
Mybb Mybb
445
VMScore
CVE-2007-0689
MyBB 1.2.4 allows remote malicious users to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error messa...
Mybb Mybb
NA
CVE-2022-43707
MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote malicious users to inject HTML via user input or stored data
Mybb Mybb
NA
CVE-2022-43708
MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow malicious users to inject HTML by persuading the user to upload a file with specially crafted name
Mybb Mybb
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »