CVE-2006-0494

Name of the Vulnerable Software and Affected Versions MyBB version 1.02

Description A directory traversal issue allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files. This is achieved through directory traversal sequences and a nul (%00) character in the plugin parameter.

Recommendations For MyBB version 1.02, as a temporary workaround, consider restricting access to the plugin parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.