Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0787

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2008-0787
Last Modified 15 Sep 2009 01:11:48
Published 14 Feb 2008 08:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-0787

Summary

SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.

Vulnerable Systems

Application

  • Mybulletinboard 1.0

  • Mybulletinboard 1.0 Pr2

  • Mybulletinboard 1.0.1

  • Mybulletinboard 1.0.2

  • Mybulletinboard 1.0.3

  • Mybulletinboard 1.0.4

  • Mybulletinboard 1.1

  • Mybulletinboard 1.1.1

  • Mybulletinboard 1.1.2

  • Mybulletinboard 1.1.3

  • Mybulletinboard 1.1.4

  • Mybulletinboard 1.1.5

  • Mybulletinboard 1.1.6

  • Mybulletinboard 1.1.7

  • Mybulletinboard 1.1.8

  • Mybulletinboard 1.10

  • Mybulletinboard 1.2

  • Mybulletinboard 1.2.10

  • Mybulletinboard 1.2.11

  • Mybulletinboard 1.2.3

  • Mybulletinboard 1.2.5

  • Mybulletinboard Rc1

  • Mybulletinboard Rc2

  • Mybulletinboard Rc3

  • Mybulletinboard Rc4


References

BID - 27378

CONFIRM - http://community.mybboard.net/showthread.php?tid=27675

MISC - http://www.waraxe.us/advisory-64.html

VUPEN - ADV-2008-0238

SECTRACK - 1019257

BUGTRAQ - 20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11

MILW0RM - 5070

SECUNIA - 28572


Last Updated: 27 May 2016 10:46:56