F

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.2.12 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `options[disablesmilies]` parameter to the "private.php" endpoint. **Recommendations** For versions prior to 1.2.12, update to version 1.2.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the "private.php" endpoint or avoiding the use of the `options[disablesmilies]` parameter until the update is applied.