QwikSec

Security Database

CVE

CWE

Training

CVE-2010-4629

Published: Dec 30, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

mybb-uid-values-dos(64513)

vdb-entry

x_refsource_XF

http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/

x_refsource_CONFIRM

[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12

mailing-list

x_refsource_MLIST

http://dev.mybboard.net/projects/mybb/repository/revisions/4856

x_refsource_CONFIRM

[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12

mailing-list

x_refsource_MLIST

http://dev.mybboard.net/issues/722

x_refsource_CONFIRM

[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.