DATABASE RESOURCES PRICING ABOUT US

{"id": "SECURITYVULNS:DOC:17013", "bulletinFamily": "software", "title": "[Full-disclosure] MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities", "description": "netVigilance Security Advisory #17\r\nMyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities \r\nDescription:\r\nMyBB is a powerful, efficient and free forum package developed in PHP and MySQL. Full\r\ncontrol over your discussion system is presented right at the tip of your fingers,\r\nfrom multiple styles and themes to the ultimate customisation of your forums using the\r\ntemplate system.\r\nExternal References: \r\nMitre CVE: CVE-2007-0689\r\nNVD NIST: CVE-2007-0689\r\nOSVDB: 34155\r\nSummary: \r\nMyBB is a powerful, efficient and free forum package developed in PHP and MySQL. \r\nMultiple pass disclosure vulnerabilities in the product allow attackers to gather the\r\ntrue path of the server-side script. \r\nAdvisory URL: \r\nhttp://www.netvigilance.com/advisory0017\r\nRelease Date:\r\n05/13/2007\r\n \r\nSeverity:\r\nRisk: Low\r\n \r\nCVSS Metrics\r\nAccess Vector: Remote\r\nAccess Complexity: Low\r\nAuthentication: not-required\r\nConfidentiality Impact: Partial\r\nIntegrity Impact: None\r\nAvailability Impact: None\r\nImpact Bias: Normal\r\nCVSS Base Score: 2.33\r\n \r\nTarget Distribution on Internet: Medium\r\n \r\nExploitability: Functional Exploit\r\nRemediation Level: Workaround\r\nReport Confidence: Confirmed\r\n \r\nVulnerability Impact: Attack\r\nHost Impact: Path disclosure.\r\nSecureScout Testcase ID:\r\n \r\nVulnerable Systems:\r\nMyBB version 1.2.4\r\nVulnerability Type:\r\nProgram flaw - The captcha.php, member.php and event.php scripts has flaws which lead\r\nto a Warning or even Fatal Errors.\r\nVendor:\r\nMyBB\r\nVendor Status: \r\nContact with the Vendor was established and draft of the security advisory was\r\nprovided on 11 April 2007, the vendor promised to fix the issue but stopped\r\nresponding to our emails on 11 April 2007. There is no official fix at the release of\r\nthis Security Advisory \r\nWorkaround:\r\nDisable warning messages: modify in the php.ini file following line: display_errors =\r\nOff. Or modify .htaccess file (this will work only for the apache servers). \r\nExample: \r\nPath Disclosure Vulnerability 1:\r\nREQUEST:\r\nhttp://[TARGET]/[mybb-directory]/member.php?action[]=register\r\nREPLY:\r\n<br />\r\n<b>Warning</b>: Illegal offset type in unset in\r\n<b>[SERVER_PATH_TO_FILE][mybb-directory]\global.php</b> on line <b>41</b><br />\r\n<br />\r\n<b>Warning</b>: Cannot modify header information - headers already sent by (output\r\nstarted at [SERVER_PATH_TO_FILE][mybb-directory]\global.php:41) in\r\n<b>[SERVER_PATH_TO_FILE][mybb-directory]\inc\functions.php</b> on line <b>1121</b><br\r\n/>\r\nPath Disclosure Vulnerability 2:\r\nREQUEST:\r\nhttp://[TARGET]/[mybb-directory]/captcha.php?imagehash[]=123\r\nREPLY:\r\n<br />\r\n<b>Warning</b>: mysql_real_escape_string() expects parameter 1 to be string, array\r\ngiven in <b>[SERVER_PATH_TO_FILE][mybb-directory]\inc\db_mysql.php</b> on line\r\n<b>632</b><br />\r\n<br />\r\n<b>Warning</b>: Division by zero in\r\n<b>[SERVER_PATH_TO_FILE][mybb-directory]\captcha.php</b> on line <b>210</b><br />\r\n<br />\r\n<b>Warning</b>: Cannot modify header information - headers already sent by (output\r\nstarted at [SERVER_PATH_TO_FILE][mybb-directory]\inc\db_mysql.php:632) in\r\n<b>[SERVER_PATH_TO_FILE][mybb-directory]\captcha.php</b> on line <b>114</b><br />\r\n\u2030PNG\r\nPath Disclosure Vulnerability 3:\r\nREQUEST:\r\nhttp://[TARGET]/[mybb-directory]/inc/datahandlers/event.php\r\nREPLY:\r\n<br />\r\n<b>Fatal error</b>: Class 'DataHandler' not found in\r\n<b>[SERVER_PATH_TO_FILE][mybb-directory]\inc\datahandlers\event.php</b> on line\r\n<b>16</b><br />\r\nCredits: \r\nJesper Jurcenoks\r\nCo-founder netVigilance, Inc\r\nwww.netvigilance.c\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "published": "2007-05-14T00:00:00", "modified": "2007-05-14T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17013", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2007-0689"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:22", "edition": 1, "viewCount": 54, "enchantments": {"score": {"value": -0.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-0689"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7709"]}], "rev": 4}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2007-0689"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7709"]}]}, "exploitation": null, "vulnersScore": -0.4}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645622223, "score": 1659803227}, "_internal": {"score_hash": "8424095f6a8082b267839b4df1de4807"}}

{"cve": [{"lastseen": "2022-03-23T11:42:01", "description": "MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.", "cvss3": {}, "published": "2007-05-14T21:19:00", "type": "cve", "title": "CVE-2007-0689", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0689"], "modified": "2018-10-16T16:33:00", "cpe": ["cpe:/a:mybb:mybb:1.2.4"], "id": "CVE-2007-0689", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0689", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2021-06-08T19:06:48", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2007-05-14T00:00:00", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2007-1901", "CVE-2007-0689", "CVE-2007-1902", "CVE-2007-1903"], "modified": "2007-05-14T00:00:00", "id": "SECURITYVULNS:VULN:7709", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7709", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}