PT-2022-27015 · Mybb · Mybb

Vz · Published 2022-11-21 · Updated 2024-03-06 · CVE-2022-43709

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

MyBB version 1.8.31

Description

The issue allows remote authenticated users to modify the query string via direct user input or stored search filter settings in the Admin CP's Users module, resulting in a SQL injection vulnerability.

Recommendations

For MyBB version 1.8.31, consider restricting access to the Admin CP's Users module until a patch is available. As a temporary workaround, avoid using direct user input or stored search filter settings in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

SQL injection

Weakness Enumeration

Related Identifiers

BIT-MYBB-2022-43709
CVE-2022-43709
GHSA-GGP5-454P-867V

Affected Products

Mybb