Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Mybb
  • Mybb

Configuration 1 [-]

OR cpe:2.3:a:mybb:mybb:*:pr2:*:*:*:*:*:*
cpe:2.3:a:mybb:mybb:1.0:beta4:*:*:*:*:*:*
cpe:2.3:a:mybb:mybb:1.0:pr1:*:*:*:*:*:*
cpe:2.3:a:mybb:mybb:1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mybb:mybb:1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mybb:mybb:1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:mybb:mybb:1.0:rc4:*:*:*:*:*:*

No data.

References
Link Providers
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html cve-icon cve-icon
http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964 cve-icon cve-icon
http://secunia.com/advisories/18000 cve-icon cve-icon
http://securityreason.com/securityalert/246 cve-icon cve-icon
http://securityreason.com/securityalert/294 cve-icon cve-icon
http://securitytracker.com/id?1015407 cve-icon cve-icon
http://www.osvdb.org/22156 cve-icon cve-icon
http://www.osvdb.org/22157 cve-icon cve-icon
http://www.osvdb.org/22158 cve-icon cve-icon
http://www.securityfocus.com/archive/1/419067/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/420159/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/15793 cve-icon cve-icon
http://www.trapkit.de/advisories/TKADV2005-12-001.txt cve-icon cve-icon
http://www.trapkit.de/advisories/TKPN2005-12-001.txt cve-icon cve-icon
http://www.vupen.com/english/advisories/2005/2842 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-12-13T11:00:00

Updated: 2024-08-07T23:38:51.520Z

Reserved: 2005-12-13T00:00:00

Link: CVE-2005-4199

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2005-12-13T11:03:00.000

Modified: 2024-11-21T00:03:40.150

Link: CVE-2005-4199

cve-icon Redhat

No data.