CVE-2008-0787

Mybulletinboard - SQL Injection

Title source: rule

Description

SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by F · perlwebappsphp

https://www.exploit-db.com/exploits/5070

View Code ZIP pw:eip

References (8)

[Exploit] http://www.waraxe.us/advisory-64.html

[Exploit, Patch] http://www.securityfocus.com/bid/27378

[Vendor Advisory] http://secunia.com/advisories/28572/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/486763/100/200/threaded

[Patch] http://community.mybboard.net/showthread.php?tid=27675

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019257

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5070

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/0238

Scores

EPSS 0.0181

EPSS Percentile 82.9%

Details

CWE

CWE-89

Status published

Products (25)

mybulletinboard/mybulletinboard 1.0

mybulletinboard/mybulletinboard 1.0.1

mybulletinboard/mybulletinboard 1.0.2

mybulletinboard/mybulletinboard 1.0.3

mybulletinboard/mybulletinboard 1.0.4

mybulletinboard/mybulletinboard 1.0_pr2

mybulletinboard/mybulletinboard 1.1

mybulletinboard/mybulletinboard 1.1.1

mybulletinboard/mybulletinboard 1.1.2

mybulletinboard/mybulletinboard 1.1.3

... and 15 more

Published Feb 15, 2008

Tracked Since Feb 18, 2026