Published: 20/04/2006 Updated: 18/10/2018

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 585

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote malicious users to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mybulletinboard mybulletinboard 1.10

source: wwwsecurityfocuscom/bid/17564/info MyBB is prone to a vulnerability that permits an attacker to overwrite global variables This issue is due to a design flaw in handling HTTP GET and POST variables An attacker can exploit this issue to overwrite the global variables with arbitrary input Through control of the global variables, ...

NVD-CWE-Other http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html http://community.mybboard.net/showthread.php?tid=8232 http://secunia.com/advisories/19668 http://www.osvdb.org/24710 http://www.osvdb.org/24711 http://www.vupen.com/english/advisories/2006/1381 https://exchange.xforce.ibmcloud.com/vulnerabilities/25865 http://www.securityfocus.com/archive/1/431061/30/5580/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/27667/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-1912

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect