Lucene search
HistoryJan 22, 2008 - 8:00 p.m.
CVE-2008-0382
cve-2008-0382
mybb
eval injection
vulnerability
remote code execution
forumdisplay.php
search.php
7.9 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.66 Medium
EPSS
Percentile
97.9%
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
Affected configurations
Node
mybulletinboardmybulletinboardMatch1.0
ORmybulletinboardmybulletinboardMatch1.0.1
ORmybulletinboardmybulletinboardMatch1.0.2
ORmybulletinboardmybulletinboardMatch1.0.3
ORmybulletinboardmybulletinboardMatch1.0.4
ORmybulletinboardmybulletinboardMatch1.0_pr2
ORmybulletinboardmybulletinboardMatch1.1
ORmybulletinboardmybulletinboardMatch1.1.1
ORmybulletinboardmybulletinboardMatch1.1.2
ORmybulletinboardmybulletinboardMatch1.1.3
ORmybulletinboardmybulletinboardMatch1.1.4
ORmybulletinboardmybulletinboardMatch1.1.5
ORmybulletinboardmybulletinboardMatch1.1.7
ORmybulletinboardmybulletinboardMatch1.1.8
ORmybulletinboardmybulletinboardMatch1.2
ORmybulletinboardmybulletinboardMatch1.2.3
ORmybulletinboardmybulletinboardMatch1.2.5
ORmybulletinboardmybulletinboardMatch1.2.10
ORmybulletinboardmybulletinboardMatch1.10
Related
canvas
canvas
Immunity Canvas: PHPMYBB1210_INCLUDE
2008-01-22 20:00:00
prion
prion
Sql injection
2008-01-22 20:00:00
nvd
nvd
CVE-2008-0382
2008-01-22 20:00:00
nessus
nessus
MyBB forumdisplay.php 'sortby' Parameter Arbitrary PHP Code Execution
2008-01-17 00:00:00
cvelist
cvelist
CVE-2008-0382
2008-01-22 19:00:00
7.9 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.66 Medium
EPSS
Percentile
97.9%
Related for CVE-2008-0382