ID CVE-2008-4930 Type cve Reporter NVD Modified 2008-11-05T00:00:00
Description
MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks.
{"assessment": {"system": "", "name": "", "href": ""}, "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "type": "cve", "viewCount": 0, "bulletinFamily": "NVD", "scanner": [], "edition": 1, "cvelist": ["CVE-2008-4930"], "published": "2008-11-04T16:00:05", "objectVersion": "1.2", "history": [], "title": "CVE-2008-4930", "reporter": "NVD", "hash": "2caa031c4acc15c11bf1073d930fe80e7f92150d2150ff89334b7449317b3192", "lastseen": "2016-09-03T11:16:08", "id": "CVE-2008-4930", "description": "MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka \"Incomplete protection against MIME-sniffing.\" NOTE: this could be leveraged for XSS and other attacks.", "modified": "2008-11-05T00:00:00", "references": ["http://www.openwall.com/lists/oss-security/2008/11/01/2", "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html"], "cpe": ["cpe:/a:mybb:mybb:1.4.2"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4930", "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2016-09-03T11:16:08"}, "vulnersScore": 5.0}}
