QwikSec

Security Database

CVE

CWE

Training

CVE-2009-4448

Published: Dec 29, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12

mailing-list

x_refsource_MLIST

[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12

mailing-list

x_refsource_MLIST

http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functions_time.php

x_refsource_CONFIRM

http://dev.mybboard.net/issues/600

x_refsource_CONFIRM

http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.