PT-2006-2896 · Mybb · Mybb
Devil-00 · Published 2006-04-20 · Updated 2018-10-18 · CVE-2006-1912
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
MyBB version 1.1.0
Description
The issue allows remote attackers to initialize arbitrary variables because the KILL_GLOBALS constant is not set in global.php and inc/init.php. This could be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.
Recommendations
For MyBB version 1.1.0, set the KILL_GLOBALS constant in global.php and inc/init.php to prevent the initialization of arbitrary variables.
Affected Products
Mybb