QwikSec

Security Database

CVE

CWE

Training

CVE-2006-0219

Published: Jan 16, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://community.mybboard.net/showthread.php?tid=5960

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://community.mybboard.net/showthread.php?tid=5853&pid=35151#pid35151

x_refsource_MISC

mybb-usercp-script-sql-injection(24115)

vdb-entry

x_refsource_XF

http://community.mybboard.net/showthread.php?tid=5853&pid=35088#pid35088

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.