CVE-2005-1832

Name of the Vulnerable Software and Affected Versions MyBB versions 1.00 RC4 and earlier

Description The issue allows remote attackers to execute arbitrary web script or HTML. This can be achieved via various parameters, including forums, version, limit to "misc.php", page, datecut to "forumdisplay.php", username, email, email2 to "member.php", page, usersearch to "memberlist.php", pid, tid to "showthread.php", or tid to "printthread.php".

Recommendations For MyBB versions 1.00 RC4 and earlier, consider disabling the affected parameters to mitigate the risk of exploitation until a patch is available. Restrict access to the vulnerable API endpoints, such as "misc.php", "forumdisplay.php", "member.php", "memberlist.php", "showthread.php", and "printthread.php", to minimize the risk of exploitation. Avoid using the vulnerable parameters, including forums, version, limit, page, datecut, username, email, email2, pid, tid, and usersearch, in the affected API endpoints until the issue is resolved.