CVE-2009-4449
N/A
N/A
Summary
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/37489
- http://openwall.com/lists/oss-security/2010/10/08/7
- http://dev.mybboard.net/projects/mybb/repository/revisions/4663/diff/branches/1.4-stable/admin/modules/user/users.php
- http://secunia.com/advisories/37906
- http://openwall.com/lists/oss-security/2010/10/11/8
- http://dev.mybboard.net/issues/617
- http://www.vupen.com/english/advisories/2009/3651
- http://openwall.com/lists/oss-security/2010/12/06/2
- http://osvdb.org/61359
- http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update/
- http://dev.mybboard.net/projects/mybb/repository/revisions/4663/diff/branches/1.4-stable/usercp.php
References
- http://www.securityfocus.com/bid/37489
- http://openwall.com/lists/oss-security/2010/10/08/7
- http://dev.mybboard.net/projects/mybb/repository/revisions/4663/diff/branches/1.4-stable/admin/modules/user/users.php
- http://secunia.com/advisories/37906
- http://openwall.com/lists/oss-security/2010/10/11/8
- http://dev.mybboard.net/issues/617
- http://www.vupen.com/english/advisories/2009/3651
- http://openwall.com/lists/oss-security/2010/12/06/2
- http://osvdb.org/61359
- http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update/
- http://dev.mybboard.net/projects/mybb/repository/revisions/4663/diff/branches/1.4-stable/usercp.php
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.