Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2324

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-2324
Last Modified 29 Aug 2012 12:00:00
Published 13 Aug 2012 02:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2324

Summary

Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP).

Vulnerable Systems

Application

  • Mybb 1.0

  • Mybb 1.00

  • Mybb 1.01

  • Mybb 1.02

  • Mybb 1.03

  • Mybb 1.04

  • Mybb 1.1.0

  • Mybb 1.1.1

  • Mybb 1.1.2

  • Mybb 1.1.3

  • Mybb 1.1.4

  • Mybb 1.1.5

  • Mybb 1.1.6

  • Mybb 1.1.7

  • Mybb 1.1.8

  • Mybb 1.2.0

  • Mybb 1.2.1

  • Mybb 1.2.10

  • Mybb 1.2.11

  • Mybb 1.2.12

  • Mybb 1.2.13

  • Mybb 1.2.14

  • Mybb 1.2.2

  • Mybb 1.2.3

  • Mybb 1.2.4

  • Mybb 1.2.5

  • Mybb 1.2.6

  • Mybb 1.2.7

  • Mybb 1.2.8

  • Mybb 1.2.9

  • Mybb 1.3

  • Mybb 1.4.0

  • Mybb 1.4.1

  • Mybb 1.4.10

  • Mybb 1.4.11

  • Mybb 1.4.12

  • Mybb 1.4.13

  • Mybb 1.4.14

  • Mybb 1.4.15

  • Mybb 1.4.16

  • Mybb 1.4.2

  • Mybb 1.4.3

  • Mybb 1.4.4

  • Mybb 1.4.5

  • Mybb 1.4.6

  • Mybb 1.4.7

  • Mybb 1.4.8

  • Mybb 1.4.9

  • Mybb 1.5.1

  • Mybb 1.5.2

  • Mybb 1.6.1

  • Mybb 1.6.2

  • Mybb 1.6.3

  • Mybb 1.6.4

  • Mybb 1.6.5

  • Mybb 1.6.6


References

BID - 53417

MLIST - [oss-security] 20120507 Re: CVE request: mybb before 1.6.7

MLIST - [oss-security] 20120507 CVE request: mybb before 1.6.7

CONFIRM - http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/


Last Updated: 27 May 2016 10:51:40