Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-4199
Last Modified 08 Sep 2011 12:00:00
Published 13 Dec 2005 06:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4199

Summary

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.

Vulnerable Systems

Application

  • MyBB 1.0


References

MISC - http://www.trapkit.de/advisories/TKPN2005-12-001.txt

BID - 15793

BUGTRAQ - 20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB

SECUNIA - 18000

VUPEN - ADV-2005-2842

MISC - http://www.trapkit.de/advisories/TKADV2005-12-001.txt

BUGTRAQ - 20051223 [TKADV2005-12-001] Multiple SQL Injection vulnerabilities in MyBB

OSVDB - 22158

OSVDB - 22157

OSVDB - 22156

SECTRACK - 1015407

SREASON - 294

SREASON - 246

CONFIRM - http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964


Last Updated: 27 May 2016 10:41:12