QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2005-4199

Back to search

CVE-2005-4199

Published: Dec 13, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.

VendorProductVersions

n/a

n/a

affected
n/a

References

15793
vdb-entry
x_refsource_BID
22158
vdb-entry
x_refsource_OSVDB
18000
third-party-advisory
x_refsource_SECUNIA
22156
vdb-entry
x_refsource_OSVDB
246
third-party-advisory
x_refsource_SREASON
1015407
vdb-entry
x_refsource_SECTRACK
22157
vdb-entry
x_refsource_OSVDB
294
third-party-advisory
x_refsource_SREASON
ADV-2005-2842
vdb-entry
x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now