Lucene search

K
cvelistMitreCVELIST:CVE-2006-3758
HistoryJul 21, 2006 - 12:00 a.m.

CVE-2006-3758

2006-07-2100:00:00
mitre
www.cve.org
8

AI Score

7.5

Confidence

Low

EPSS

0.013

Percentile

86.1%

inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.

AI Score

7.5

Confidence

Low

EPSS

0.013

Percentile

86.1%

Related for CVELIST:CVE-2006-3758