CVE-2006-1282

Name of the Vulnerable Software and Affected Versions MyBulletinBoard (MyBB) version 1.04

Description A CRLF injection issue allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the referrer HTTP header field, possibly when redirecting to other web pages.

Recommendations For MyBB version 1.04, consider updating to a newer version that addresses this issue, as using CRLF sequences in the referrer header can lead to security problems. As a temporary workaround, restrict the use of the referrer header in the affected inc/function.php file until a patch is available.