Lucene search

[email protected]CVE-2006-3775

HistoryJul 24, 2006 - 12:19 p.m.

CVE-2006-3775

2006-07-2412:19:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2006-3775

sql injection

mybb

mybulletinboard

security vulnerability

remote code execution

nvd

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.4%

JSON

SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER[‘HTTP_CLIENT_IP’] variable), as utilized by index.php.

CPENameOperatorVersion
mybulletinboard:mybulletinboardmybulletinboardeq1.1.5

CPE	Name	Operator	Version
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.1.5

References

retrogod.altervista.org/mybb_115_sql.html

secunia.com/advisories/21070

securityreason.com/securityalert/1262

www.mybboard.com/archive.php?nid=16

www.securityfocus.com/archive/1/440163/100/0/threaded

www.vupen.com/english/advisories/2006/2811

exchange.xforce.ibmcloud.com/vulnerabilities/27752

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.4%

JSON

Related for CVE-2006-3775

nessus1 cvelist2 cve1 prion1