PT-2008-2016 · MyBB · MyBB

Janek Vind +1 · Published 2008-01-22 · Updated 2018-10-15 · CVE-2008-0383

CVSS v2.0: 7.5 (High) · Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: MyBB versions 1.2.10 and earlier

Description: The issue allows remote moderators and administrators to execute arbitrary SQL commands. It is reachable through several parameters in different actions: the mergepost parameter in a do_mergeposts action, the rid parameter in an allreports action, and the threads parameter in a do_multimovethreads action to moderation.php, as well as the gid parameter to admin/usergroups.php.

Recommendations: For MyBB versions 1.2.10 and earlier, update to a newer version to mitigate the risk of SQL injection. As a temporary workaround, restrict access to moderation.php and admin/usergroups.php to minimize the exposure, and avoid using the mergepost, rid, threads, and gid parameters in the affected actions until the issue is resolved.

Links: Exploit · Fix · SQL injection


Weakness Enumeration: SQL injection

Related Identifiers: CVE-2008-0383

Affected Products: MyBB