← back
CVE-2015-8974

CVE-2015-8974

EPSS 2.1%
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/http://www.openwall.com/lists/oss-security/2016/11/10/8http://www.openwall.com/lists/oss-security/2016/11/18/1http://www.securityfocus.com/bid/94397