Vulnerability Details CVE-2006-2333
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.9%
CVSS Severity
CVSS v2 Score 6.4
References
- http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html
- http://securityreason.com/securityalert/885
- http://www.securityfocus.com/archive/1/433231/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26545
- http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html
- http://securityreason.com/securityalert/885
- http://www.securityfocus.com/archive/1/433231/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26545
Products affected by CVE-2006-2333
-
cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1