Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2333

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-2333
Last Modified 05 Sep 2008 05:04:15
Published 11 May 2006 08:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2333

Summary

Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php.

Vulnerable Systems

Application

  • Mybulletinboard 1.1.1


References

BUGTRAQ - 20060507 [KAPDA] MyBB1.1.1~Email Verification in User Activation ~SQL Injection Attack

MISC - http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html

XF - mybb-usercp-member-sql-injection(26545)

SREASON - 885


Last Updated: 27 May 2016 10:42:26