PT-2006-2896 · Mybb · Mybb
Devil-00 · Published 2006-04-20 · Updated 2018-10-18 · CVE-2006-1912
CVSS v2.0: 5.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
MyBB version 1.1.0
Description
The issue allows remote attackers to initialize arbitrary variables because the KILL GLOBAL constant is not set in global.php and inc/init.php. This could be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.
Recommendations
For MyBB version 1.1.0, set the KILL GLOBAL constant in global.php and inc/init.php to prevent the initialization of arbitrary variables.
Affected Products
Mybb