SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List Patch Third Party Advisory |
http://www.securityfocus.com/bid/94396 | Third Party Advisory VDB Entry |
https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Release Notes Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-01-31T22:00:00
Updated: 2017-02-01T10:57:01
Reserved: 2016-11-17T00:00:00
Link: CVE-2016-9416
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-01-31T22:59:01.580
Modified: 2017-02-05T21:10:41.403
Link: CVE-2016-9416
JSON object: View
Redhat Information
No data.
CWE