Shodan
Vulnerabilities
Vulnerable Software
Mybb:  >> Mybb  >> 1.8.19  Security Vulnerabilities
CVE-2021-27948
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).
CVSS Score
7.2
EPSS Score
0.003
Published
2021-03-15
CVE-2021-27949
Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-03-15
CVE-2021-27889
Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.
CVSS Score
6.1
EPSS Score
0.022
Published
2021-03-15
CVE-2021-27279
MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).
CVSS Score
5.4
EPSS Score
0.004
Published
2021-02-22
CVE-2020-15139
In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. After upgrading MyBB to 1.8.24, make sure to update the version attribute in the `codebuttons` template for non-default themes to serve the latest version of the patched `jscripts/bbcodes_sceditor.js` file.
CVSS Score
8.8
EPSS Score
0.006
Published
2020-08-10
CVE-2019-20225
MyBB before 1.8.22 allows an open redirect on login.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-01-02
CVE-2019-12830
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.
CVSS Score
8.7
EPSS Score
0.004
Published
2019-06-15
CVE-2019-12831
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.
CVSS Score
7.2
EPSS Score
0.005
Published
2019-06-15
CVE-2019-3578
MyBB 1.8.19 has XSS in the resetpassword function.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-06-06
CVE-2019-3579
MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-06-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved