Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0494

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-0494
Last Modified 05 Sep 2008 04:59:25
Published 31 Jan 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-0494

Summary

Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory traversal sequences and a nul (%00) character in the plugin parameter.

Vulnerable Systems

Application

  • Mybulletinboard 1.0.2


References

BUGTRAQ - 20060130 MyBB 1.2 Local File Incusion

XF - mybb-plugins-file-include(24461)


Last Updated: 27 May 2016 10:41:40