SQL Injection Vulnerability in MyBB Group Promotions Module

SQL Injection Vulnerability in MyBB Group Promotions Module

CVE-2015-8974 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.