Mybulletinboard: >> Mybulletinboard >> 1.1.2 Security Vulnerabilities
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.
CVSS Score
7.5
EPSS Score
0.099
Published
2006-06-13
Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter.
CVSS Score
6.8
EPSS Score
0.014
Published
2006-06-12
Page 2