Vulnerabilities > CVE-2006-0219 - SQL Injection vulnerability in MyBB Usercp.PHP

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

mybulletinboard

NVD

Published: 2006-01-16

Updated: 2017-07-20

Summary

The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.

Vulnerable Configurations

Part	Description	Count
Application	Mybulletinboard Mybulletinboard Mybulletinboard 1.0.2 Mybulletinboard Mybulletinboard 1.0_Final Mybulletinboard Mybulletinboard 1.0_Preview_Release_2 Mybulletinboard Mybulletinboard 1.01	4

References

http://community.mybboard.net/showthread.php?tid=5853&pid=35088#pid35088
http://community.mybboard.net/showthread.php?tid=5853&pid=35151#pid35151
http://community.mybboard.net/showthread.php?tid=5960
http://www.securityfocus.com/bid/16230
https://exchange.xforce.ibmcloud.com/vulnerabilities/24115