Unrated severityNVD Advisory· Published Dec 13, 2005· Updated Apr 16, 2026

CVE-2005-4199

Description

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.

Affected products

MyBB/Mybb7 versions
cpe:2.3:a:mybb:mybb:1.0:beta4:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:mybb:mybb:1.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.0:pr1:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:*:pr2:*:*:*:*:*:*range: <=1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/18000nvdPatchVendor Advisory
www.securityfocus.com/bid/15793nvdPatch
www.trapkit.de/advisories/TKPN2005-12-001.txtnvdPatch
www.vupen.com/english/advisories/2005/2842nvdVendor Advisory
archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.htmlnvd
community.mybboard.net/showthread.phpnvd
securityreason.com/securityalert/246nvd
securityreason.com/securityalert/294nvd
securitytracker.com/idnvd
www.osvdb.org/22156nvd
www.osvdb.org/22157nvd
www.osvdb.org/22158nvd
www.securityfocus.com/archive/1/419067/100/0/threadednvd
www.securityfocus.com/archive/1/420159/100/0/threadednvd
www.trapkit.de/advisories/TKADV2005-12-001.txtnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000