
CVE-2006-1912

2006-04-20 18:06:00
web.nvd.nist.gov
mybb
mybulletinboard
security vulnerability
cve-2006-1912
remote attackers
xss
sql injection

AI Score: 6.8 Medium (Confidence: High)

CVSS2: 5.8 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.013 Low (Percentile: 85.7%)

MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.

Affected configurations

NVD
Node: mybulletinboard / mybulletinboard, Match 1.10
