5.8

CVE-2006-1912

MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.6% 0.726
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://community.mybboard.net/showthread.php?tid=8232
http://secunia.com/advisories/19668
Vendor Advisory
http://www.vupen.com/english/advisories/2006/1381
http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html
http://www.osvdb.org/24710
http://www.osvdb.org/24711
http://www.securityfocus.com/archive/1/431061/30/5580/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/25865