MyBB adodb_mktime()日期参数远程拒绝服务漏洞

CVE ID：CVE-2009-4448 MyBB是一款流行的基于PHP的论坛程序。 MyBB inc/functionstime.php文件中包含的adodbmktime函数在处理部分日期值时存在漏洞，攻击者提交包含超大的year参数值的报文就会触发大量循环，导致CPU负载过高造成拒绝服务攻击。 MyBB 1.4.10 用户可参考如下安全公告获得补丁信息： http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functionstime.php...

CVE-2009-4448

MyBB (MyBulletinBoard) 1.4.10 and possibly earlier versions contain a DoS vulnerability in inc/functions_time.php (adodb_mktime) where processing a crafted request with a large year value triggers a long loop, leading to high CPU usage. This can be reached via member.php and potentially other vec...