ID CVE-2008-4930 Type cve Reporter cve@mitre.org Modified 2008-11-05T05:00:00
Description
MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks.
{"id": "CVE-2008-4930", "bulletinFamily": "NVD", "title": "CVE-2008-4930", "description": "MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka \"Incomplete protection against MIME-sniffing.\" NOTE: this could be leveraged for XSS and other attacks.", "published": "2008-11-04T21:00:00", "modified": "2008-11-05T05:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4930", "reporter": "cve@mitre.org", "references": ["http://www.openwall.com/lists/oss-security/2008/11/01/2", "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html", "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html"], "cvelist": ["CVE-2008-4930"], "type": "cve", "lastseen": "2019-05-29T18:09:29", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "f6530fa100dc1ee7ab468d7cb921c6f5"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "48f3fcc7aff4d3783f905b2dd9c2553e"}, {"key": "cpe23", "hash": "48d5e68ff972afc6b5f506ad80d80169"}, {"key": "cvelist", "hash": "6ddb38732a6cfa99e892a70a3fa78f27"}, {"key": "cvss", "hash": "b5bbdd851ff7634dd01c09e00d03be1e"}, {"key": "cvss2", "hash": "e2b44d17a049a159a684c7e2b843b3fa"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "226da5129ffaaee3d5b48e506b957d58"}, {"key": "description", "hash": "8d7767d878f72c31ce7c7587dddccf6f"}, {"key": "href", "hash": "98f12db73e76fc3af1ce9c711ccfb38e"}, {"key": "modified", "hash": "510a87b7e3ce61f628ad52e68e8e5461"}, {"key": "published", "hash": "6aee7c036dbc755c70ed5a38638c5362"}, {"key": "references", "hash": "4b86c61df01fee799e1dcc4c094c7591"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "f4878521f3098df46d44724432242d85"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "e04d05f1da45a018257b6b89904d3e0447b51c64ceef9b1c9feae764a15cc4f5", "viewCount": 0, "enchantments": {"score": {"value": 4.1, "vector": "NONE", "modified": "2019-05-29T18:09:29"}, "dependencies": {"references": [], "modified": "2019-05-29T18:09:29"}, "vulnersScore": 4.1}, "objectVersion": "1.3", "cpe": ["cpe:/a:mybb:mybb:1.4.2"], "affectedSoftware": [{"name": "mybb mybb", "operator": "eq", "version": "1.4.2"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*"], "cwe": ["CWE-20"]}
