Vulnerability Description
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.
CVSS Score
4.9
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mybb | Mybb | < 1.8.32 |
Related Weaknesses (CWE)
References
- https://github.com/mybb/mybb/security/advisories/GHSA-ggp5-454p-867vPatchThird Party Advisory
- https://mybb.comProduct
- https://github.com/mybb/mybb/security/advisories/GHSA-ggp5-454p-867vPatchThird Party Advisory
- https://mybb.comProduct
FAQ
What is CVE-2022-43709?
CVE-2022-43709 is a vulnerability with a CVSS score of 4.9 (MEDIUM). MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.
How severe is CVE-2022-43709?
CVE-2022-43709 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43709?
Check the references section above for vendor advisories and patch information. Affected products include: Mybb Mybb.