PT-2005-4887 · Mybulletinboard · Mybb

Tobias Klein

Publicado

2005-12-13

Atualizado

2018-10-19

CVE-2005-4199

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MyBulletinBoard (MyBB) versions prior to 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters in different actions and files, including:

month, day, and year parameters in an 'addevent' action in "calendar.php"
threadmode and showcodebuttons parameters in an 'options' action in "usercp.php"
list parameter in an 'editlists' action to "usercp.php"
rating parameter in a 'rate' action in "member.php"
rating parameter in either "showthread.php" or "ratethread.php".

Recommendations For MyBulletinBoard (MyBB) versions prior to 1.0, update to version 1.0 or later to resolve the issue.

Correção

RCE

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2005-4199

Produtos afetados

Mybb

PT-2005-4887 · Mybulletinboard · Mybb

CVE-2005-4199

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 17