cpe:/a:mybb:mybb:1.2.10 CVE-2008-0383 2008-01-22T15:00:00.000-05:00 2017-08-07T21:29:31.273-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-23T10:05:00.000-05:00 ALLOWS_USER_ACCESS BUGTRAQ 20080116 [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10 BID 27323 SECUNIA 28509 SREASON 3558 CONFIRM http://community.mybboard.net/showthread.php?tid=27227 MISC http://www.waraxe.us/advisory-62.html XF mybb-moderationphp-sql-injection(39728) XF mybb-usergroups-sql-injection(39729) Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php.