Lucene search
MitreCVE-2006-3758HistoryJul 21, 2006 - 2:03 p.m.
CVE-2006-3758
2006-07-2114:03:00
mitre
web.nvd.nist.gov
30
mybb
mybulletinboard
sql injection
http post
http get
remote attack
security vulnerability
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
Low
EPSS
0.013
Percentile
86.1%
inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.
Affected configurations
Node
mybulletinboardmybulletinboardMatch1.1.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mybulletinboard | mybulletinboard | 1.1.4 | cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.4:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2006-3758
2006-07-21 14:03:00
CVE-2011-0752
2011-02-02 22:00:01
cvelist
cvelist
CVE-2006-3758
2006-07-21 00:00:00
CVE-2011-0752
2011-02-02 21:00:00
ubuntucve
ubuntucve
CVE-2011-0752
2011-02-02 00:00:00
prion
prion
Design/Logic Flaw
2011-02-02 22:00:00
cve
cve
CVE-2011-0752
2011-02-02 22:00:01
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
Low
EPSS
0.013
Percentile
86.1%
Related for CVE-2006-3758