CVE-2022-43709
MEDIUMMyBB < 1.8.32 - Authenticated SQL Injection in Admin CP Users Module
Title source: llmDescription
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.
References (2)
Core 2
Core References
Patch, Third Party Advisory
https://github.com/mybb/mybb/security/advisories/GHSA-ggp5-454p-867v
Product
https://mybb.com
Scores
CVSS v3
4.9
EPSS
0.0065
EPSS Percentile
46.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
CWE-89
Status
published
Products (1)
mybb/mybb
< 1.8.32
Published
Nov 22, 2022
Tracked Since
Feb 18, 2026