Lucene search

[email protected]CVE-2005-1833

HistoryMay 31, 2005 - 4:00 a.m.

CVE-2005-1833

2005-05-3104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-1833

mybulletinboard

mybb

sql injection

remote attackers

security vulnerabilities

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.6%

JSON

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.

CPENameOperatorVersion
mybulletinboard:mybulletinboardmybulletinboardle1.00_rc4

CPE	Name	Operator	Version
mybulletinboard:mybulletinboard	mybulletinboard	le	1.00_rc4

References

marc.info/?l=bugtraq&m=111757191118050&w=2

secunia.com/advisories/15552

www.mybboard.com/community/showthread.php?tid=2559

www.osvdb.org/17024

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.6%

JSON