QwikSec

Security Database

CVE

CWE

Training

CVE-2010-4625

Published: Dec 30, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/

x_refsource_CONFIRM

http://dev.mybboard.net/issues/809

x_refsource_CONFIRM

[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12

mailing-list

x_refsource_MLIST

[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12

mailing-list

x_refsource_MLIST

[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12

mailing-list

x_refsource_MLIST

http://community.mybb.com/thread-66255.html

x_refsource_MISC

mybb-hidden-threads-info-disc(64517)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.