7.5

CVE-2006-0219

EPSS 0.38%
Published 16.01.2006 21:03:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Mybulletinboard ≫ Mybulletinboard Version1.0.2

Mybulletinboard ≫ Mybulletinboard Version1.0_final

Mybulletinboard ≫ Mybulletinboard Version1.0_preview_release_2

Mybulletinboard ≫ Mybulletinboard Version1.01

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.38%	0.566

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://community.mybboard.net/showthread.php?tid=5853&pid=35088#pid35088

http://community.mybboard.net/showthread.php?tid=5853&pid=35151#pid35151

http://community.mybboard.net/showthread.php?tid=5960

Patch

http://www.securityfocus.com/bid/16230

https://exchange.xforce.ibmcloud.com/vulnerabilities/24115

https://nvd.nist.gov/vuln/detail/CVE-2006-0219

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0219

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0219

EUVD