Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-0219
Last Modified 05 Sep 2008 04:58:40
Published 16 Jan 2006 04:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0219

Summary

The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.

Vulnerable Systems

Application

  • Mybulletinboard 1.0 Final

  • Mybulletinboard 1.0 Preview Release 2

  • Mybulletinboard 1.0.2

  • Mybulletinboard 1.01


References

CONFIRM - http://community.mybboard.net/showthread.php?tid=5960

BID - 16230

MISC - http://community.mybboard.net/showthread.php?tid=5853&pid=35151#pid35151

MISC - http://community.mybboard.net/showthread.php?tid=5853&pid=35088#pid35088

XF - mybb-usercp-script-sql-injection(24115)


Last Updated: 27 May 2016 10:41:34