CVE-2009-4448

Name of the Vulnerable Software and Affected Versions MyBB versions 1.4.10 and earlier

Description The issue allows remote attackers to cause a denial of service, specifically CPU consumption, via a crafted request. This request includes a large year value, which triggers a long loop. The vulnerable component is the inc/functions time.php file, and the issue can be reached through member.php and possibly other vectors.

Recommendations For MyBB versions 1.4.10 and earlier, consider restricting access to the inc/functions time.php file or the affected member.php vector to minimize the risk of exploitation. Additionally, as a temporary workaround, consider implementing input validation to limit the year value in crafted requests until a patch is available.