7.5

CVE-2006-0219

EPSS 0.38%
Veröffentlicht 16.01.2006 21:03:00
Zuletzt bearbeitet 16.04.2026 00:27:16
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

NVD 4 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mybulletinboard ≫ Mybulletinboard Version1.0.2

Mybulletinboard ≫ Mybulletinboard Version1.0_final

Mybulletinboard ≫ Mybulletinboard Version1.0_preview_release_2

Mybulletinboard ≫ Mybulletinboard Version1.01

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.566

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://community.mybboard.net/showthread.php?tid=5853&pid=35088#pid35088

http://community.mybboard.net/showthread.php?tid=5853&pid=35151#pid35151

http://community.mybboard.net/showthread.php?tid=5960

Patch

http://www.securityfocus.com/bid/16230

https://exchange.xforce.ibmcloud.com/vulnerabilities/24115

https://nvd.nist.gov/vuln/detail/CVE-2006-0219

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0219

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0219

EUVD