Vulnerabilities > CVE-2006-1282 - Input Validation vulnerability in MyBB
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
mybulletinboard
Summary
CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages.
Vulnerable Configurations
References
- http://community.mybboard.net/showthread.php?tid=7368
- http://kapda.ir/advisory-295.html
- http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html
- http://www.securityfocus.com/archive/1/427747/100/0/threaded
- http://www.securityfocus.com/bid/17097
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25267