CVE-2006-1912
N/A
N/A
Summary
MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25865
- http://www.osvdb.org/24710
- http://secunia.com/advisories/19668
- http://www.vupen.com/english/advisories/2006/1381
- http://community.mybboard.net/showthread.php?tid=8232
- http://www.securityfocus.com/archive/1/431061/30/5580/threaded
- http://www.osvdb.org/24711
- http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25865
- http://www.osvdb.org/24710
- http://secunia.com/advisories/19668
- http://www.vupen.com/english/advisories/2006/1381
- http://community.mybboard.net/showthread.php?tid=8232
- http://www.securityfocus.com/archive/1/431061/30/5580/threaded
- http://www.osvdb.org/24711
- http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.