History: Apr 20, 2006 - 6:06 p.m.

CVE-2006-1912

2006-04-20 18:06:00
web.nvd.nist.gov
Tags: mybb, mybulletinboard, security vulnerability, cve-2006-1912, remote attackers, xss, sql injection

CVSS2: 5.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score: 6.8 Medium (Confidence: High)
EPSS: 0.013 Low (Percentile: 85.7%)

MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.

Affected configurations

NVD
Node: mybulletinboard mybulletinboard Match 1.10
