Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2010-5096
Last Modified 14 Aug 2012 12:00:00
Published 13 Aug 2012 07:55:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2010-5096

Summary

** DISPUTED ** Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error."

Vulnerable Systems

Application

  • Mybb 1.0

  • Mybb 1.00

  • Mybb 1.01

  • Mybb 1.02

  • Mybb 1.03

  • Mybb 1.04

  • Mybb 1.1.0

  • Mybb 1.1.1

  • Mybb 1.1.2

  • Mybb 1.1.3

  • Mybb 1.1.4

  • Mybb 1.1.5

  • Mybb 1.1.6

  • Mybb 1.1.7

  • Mybb 1.1.8

  • Mybb 1.2

  • Mybb 1.2.0

  • Mybb 1.2.1

  • Mybb 1.2.10

  • Mybb 1.2.11

  • Mybb 1.2.12

  • Mybb 1.2.13

  • Mybb 1.2.14

  • Mybb 1.2.2

  • Mybb 1.2.3

  • Mybb 1.2.4

  • Mybb 1.2.5

  • Mybb 1.2.6

  • Mybb 1.2.7

  • Mybb 1.2.8

  • Mybb 1.2.9

  • Mybb 1.3

  • Mybb 1.4.0

  • Mybb 1.4.1

  • Mybb 1.4.10

  • Mybb 1.4.11

  • Mybb 1.4.12

  • Mybb 1.4.13

  • Mybb 1.4.14

  • Mybb 1.4.15

  • Mybb 1.4.16

  • Mybb 1.4.2

  • Mybb 1.4.3

  • Mybb 1.4.4

  • Mybb 1.4.5

  • Mybb 1.4.6

  • Mybb 1.4.7

  • Mybb 1.4.8

  • Mybb 1.4.9

  • Mybb 1.5.1

  • Mybb 1.5.2

  • Mybb 1.6.0

  • Mybboard Mybb 1.4.10

  • Mybboard Mybb 1.4.3


References

BID - 45565

OSVDB - 70014

OSVDB - 70013

MLIST - [oss-security] 20120508 Re: CVE-request: MyBB before 1.6.1

MLIST - [oss-security] 20120508 CVE-request: MyBB before 1.6.1

MLIST - [oss-security] 20120325 Re: CVE-request: MyBB 1.6 <= SQL Injection

MLIST - [oss-security] 20120323 CVE-request: MyBB 1.6 <= SQL Injection

MISC - http://dev.mybb.com/issues/1330


Last Updated: 27 May 2016 10:51:40