CVE-2014-9240

Name of the Vulnerable Software and Affected Versions MyBB versions 1.8.x before 1.8.2

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the question id parameter in a "do register" action.

Recommendations For MyBB versions 1.8.x before 1.8.2, update to version 1.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the member.php file or avoiding the use of the question id parameter in the "do register" action until the update is applied.