QwikSec

Security Database

CVE

CWE

Training

CVE-2010-4628

Published: Dec 30, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/

x_refsource_CONFIRM

[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12

mailing-list

x_refsource_MLIST

[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12

mailing-list

x_refsource_MLIST

mybb-sqlcount-dos(64514)

vdb-entry

x_refsource_XF

[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12

mailing-list

x_refsource_MLIST

http://dev.mybboard.net/issues/662

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.