threat
engine
.sh
Back
·
··:··
Home
/
Product
/
mybb
Product
mybb
146 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2018-25250
<= 1.2
MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to i
7.2
HIGH
CVE-2021-47905
all versions
MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers
6.1
MEDIUM
CVE-2023-53979
all versions
MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and exe
8.8
HIGH
CVE-2023-53978
all versions
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated
5.4
MEDIUM
CVE-2023-53977
all versions
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authenticated a
5.4
MEDIUM
CVE-2023-53976
all versions
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticate
5.4
MEDIUM
CVE-2011-10018
all versions
myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attacker
9.8
CRITICAL
CVE-2025-48941
< 1.8.39
MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly
5.3
MEDIUM
CVE-2025-48940
< 1.8.39
MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly,
7.2
HIGH
CVE-2025-29460
all versions
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier d
7.6
HIGH
CVE-2025-29459
all versions
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier dispute
7.6
HIGH
CVE-2025-29458
all versions
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplie
7.6
HIGH
CVE-2025-29457
all versions
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Suppli
7.6
HIGH
CVE-2024-52702
all versions
A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute a
5.4
MEDIUM
CVE-2024-23336
< 1.8.38
MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the
127.0.0.0/8
bloc
5.0
MEDIUM
CVE-2024-23335
< 1.8.38
MyBB is a free and open source forum software. The backup management module of the Admin CP may accept
.htaccess
as the name of
4.7
MEDIUM
CVE-2023-45556
< 1.8.37
Cross Site Scripting vulnerability in Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Na
5.4
MEDIUM
CVE-2023-46251
< 1.8.37
MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape input prop
7.5
HIGH
CVE-2020-22612
< 1.8.22
Installer RCE on settings file write in MyBB before 1.8.22.
9.8
CRITICAL
CVE-2023-41362
< 1.8.36
MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and
7.2
HIGH
CVE-2023-28467
< 1.8.34
In MyBB before 1.8.34, there is XSS in the User CP module via the user email field.
6.1
MEDIUM
CVE-2022-28354
all versions
In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period.
6.1
MEDIUM
CVE-2022-45867
< 1.8.33
MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileg
7.2
HIGH
CVE-2022-43709
< 1.8.32
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query
4.9
MEDIUM
CVE-2022-43708
< 1.8.32
MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to i
6.1
MEDIUM
CVE-2022-43707
< 1.8.32
MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to injec
6.1
MEDIUM
CVE-2022-39265
< 1.8.31
MyBB is a free and open source forum software. The _Mail Settings_ - Additional Parameters for PHP's mail() function mail_paramete
7.2
HIGH
CVE-2022-24734
>= 1.2.0 and < 1.8.30
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate se
7.2
HIGH
CVE-2021-43281
>= 1.2.0 and < 1.8.29
MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings ma
7.2
HIGH
CVE-2021-41866
< 1.8.28
MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped p
5.4
MEDIUM
CVE-2020-19049
all versions
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" fi
5.4
MEDIUM
CVE-2020-19048
all versions
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field fo
5.4
MEDIUM
CVE-2021-27949
< 1.8.26
Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools.
6.1
MEDIUM
CVE-2021-27948
< 1.8.26
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).
7.2
HIGH
CVE-2021-27947
< 1.8.26
SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).
7.2
HIGH
CVE-2021-27946
< 1.8.26
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).
8.8
HIGH
CVE-2021-27890
< 1.8.26
SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.
8.8
HIGH
CVE-2021-27889
< 1.8.26
Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.
6.1
MEDIUM
CVE-2021-27279
< 1.8.25
MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).
5.4
MEDIUM
CVE-2020-15139
< 1.8.24
In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML,
8.8
HIGH
CVE-2014-3827
< 1.8.4
Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated user
5.4
MEDIUM
CVE-2014-3826
< 1.6.13
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or
5.4
MEDIUM
CVE-2019-20225
< 1.8.22
MyBB before 1.8.22 allows an open redirect on login.
6.1
MEDIUM
CVE-2019-12831
< 1.8.21
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that
7.2
HIGH
CVE-2019-12830
< 1.8.21
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode
8.7
HIGH
CVE-2019-3579
all versions
MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-re
5.3
MEDIUM
CVE-2019-3578
all versions
MyBB 1.8.19 has XSS in the resetpassword function.
6.1
MEDIUM
CVE-2018-19202
>= 1.8.0 and < 1.8.20
A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upse
6.1
MEDIUM
CVE-2018-19201
< 1.8.20
A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via t
6.1
MEDIUM
CVE-2018-14724
all versions
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason
5.4
MEDIUM
CVE-2018-17128
< 1.8.19
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
5.4
MEDIUM
CVE-2018-15596
all versions
An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL
6.1
MEDIUM
CVE-2018-1000503
< 1.8.15
MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from p
4.3
MEDIUM
CVE-2018-1000502
< 1.8.15
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance - Task Manager - Add New Task) that
7.2
HIGH
CVE-2018-10678
all versions
MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier f
6.1
MEDIUM
CVE-2018-7305
all versions
MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts.
4.9
MEDIUM
CVE-2018-6844
all versions
MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen.
5.4
MEDIUM
CVE-2017-16781
<= 1.8.12
The installer in MyBB before 1.8.13 has XSS.
5.4
MEDIUM
CVE-2017-16780
<= 1.8.12
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
9.8
CRITICAL
CVE-2017-8104
<= 1.8.10
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
5.3
MEDIUM
CVE-2017-8103
<= 1.8.10
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
6.1
MEDIUM
CVE-2017-7566
<= 1.8.10
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
7.7
HIGH
CVE-2016-9421
<= 1.8.7
Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8
6.1
MEDIUM
CVE-2016-9420
<= 1.8.7
MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via v
9.8
CRITICAL
CVE-2016-9419
<= 1.8.7
Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge Syst
6.1
MEDIUM
CVE-2016-9418
<= 1.8.7
MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to o
7.5
HIGH
CVE-2016-9417
<= 1.8.7
The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attacke
7.4
HIGH
CVE-2016-9416
<= 1.8.7
SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.
9.8
CRITICAL
CVE-2016-9415
<= 1.8.7
MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwri
7.5
HIGH
CVE-2016-9414
<= 1.8.6
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information
7.5
HIGH
CVE-2016-9413
<= 1.8.6
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to c
6.5
MEDIUM
CVE-2016-9412
<= 1.8.6
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors
9.8
CRITICAL
CVE-2016-9411
<= 1.8.6
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to o
5.3
MEDIUM
CVE-2016-9410
<= 1.8.6
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive databa
7.5
HIGH
CVE-2016-9409
<= 1.8.6
Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge Syst
6.1
MEDIUM
CVE-2016-9408
<= 1.8.6
Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System
6.1
MEDIUM
CVE-2016-9407
<= 1.8.6
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow
6.1
MEDIUM
CVE-2016-9406
<= 1.8.6
Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge Syste
6.1
MEDIUM
CVE-2016-9405
<= 1.8.6
Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System bef
6.1
MEDIUM
CVE-2016-9404
<= 1.8.6
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow
6.1
MEDIUM
CVE-2016-9403
<= 1.8.6
newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspeci
9.8
CRITICAL
CVE-2016-9402
<= 1.8.6
SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 m
9.8
CRITICAL
CVE-2015-8977
<= 1.6.17
MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtai
7.5
HIGH
CVE-2015-8976
<= 1.6.17
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System
6.1
MEDIUM
CVE-2015-8975
<= 1.6.17
Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 a
6.1
MEDIUM
CVE-2015-8974
<= 1.6.17
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18
10.0
CRITICAL
CVE-2015-8973
<= 1.6.17
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote at
8.3
HIGH
CVE-2015-4552
<= 1.8.4
Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allo
CVE-2015-2786
<= 1.8.3
Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to "Group join request not
CVE-2015-2352
<= 1.8.3
The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export funct
CVE-2015-2335
<= 1.8.3
A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vect
CVE-2015-2334
<= 1.8.3
Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4
CVE-2015-2333
<= 1.8.3
Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers t
CVE-2015-2332
<= 1.8.3
Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to injec
CVE-2015-2149
<= 1.8.3
Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow
CVE-2014-9241
all versions
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inj
CVE-2014-9240
all versions
SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbi
CVE-2014-5248
<= 1.6.14
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via
CVE-2014-1840
<= 1.6.12
Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitra
CVE-2013-7288
<= 1.6.11
Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard)
CVE-2013-7275
<= 1.6.11
Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject
CVE-2013-6936
all versions
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) all
CVE-2012-5909
all versions
SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute
CVE-2012-5908
all versions
Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attacke
CVE-2011-5133
<= 1.6.4
Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the b
CVE-2011-5132
<= 1.6.4
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via v
CVE-2011-5131
<= 1.6.4
Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentic
CVE-2010-5096
<= 1.6.0
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL
CVE-2012-2327
<= 1.6.6
MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie,
CVE-2012-2326
<= 1.6.6
Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote
CVE-2012-2325
<= 1.6.6
SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) b
CVE-2012-2324
<= 1.6.6
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary
CVE-2011-3759
all versions
MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which
CVE-2010-4629
<= 1.4.11
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attack
CVE-2010-4628
<= 1.4.11
member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows re
CVE-2010-4627
<= 1.4.11
Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers
CVE-2010-4626
<= 1.4.11
The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function,
CVE-2010-4625
<= 1.4.11
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden thread
CVE-2010-4624
<= 1.4.11
MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img]
CVE-2010-4522
all versions
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote att
CVE-2009-4813
all versions
Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitr
CVE-2009-4449
all versions
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avat
6.5
MEDIUM
CVE-2009-4448
all versions
inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a den
CVE-2008-7082
all versions
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (
CVE-2008-4930
all versions
MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequenc
CVE-2008-4929
all versions
MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which ma
7.5
HIGH
CVE-2008-4928
all versions
Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remo
CVE-2008-3967
<= 1.4.0
moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impa
CVE-2008-3966
<= 1.4.0
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject ar
CVE-2008-3965
<= 1.4.0
SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQ
CVE-2008-3334
<= 1.2.13
Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTM
CVE-2008-3071
<= 1.2.12
Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to
CVE-2008-3070
<= 1.2.12
Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $
CVE-2008-3069
<= 1.2.12
Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or
CVE-2008-0788
<= 1.2.11
Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the aut
CVE-2008-0383
<= 1.2.10
Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary
CVE-2007-0689
<= 1.2.4
MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] p
CVE-2007-2212
all versions
Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to e
CVE-2007-1964
all versions
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password o
CVE-2007-1963
<= 1.2.3
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier al
CVE-2007-0622
all versions
Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to ar
CVE-2007-0544
all versions
Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject
CVE-2006-2070
all versions
Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web
CVE-2006-0442
all versions
Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject
CVE-2006-0218
<= 1.01
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to
CVE-2005-4199
<= 1.0
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL comman
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin