CVE-2006-1912 - Unspecified vulnerability in Mybulletinboard 1.10
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | MyBB 1.1 Global Variable Overwrite Vulnerability. CVE-2006-1912. Webapps exploit for php platform |
id | EDB-ID:27667 |
last seen | 2016-02-03 |
modified | 2006-04-17 |
published | 2006-04-17 |
reporter | imei |
source | https://www.exploit-db.com/download/27667/ |
title | MyBB 1.1 Global Variable Overwrite Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | MYBB_GLOBAL_VARS_OVERWRITE.NASL |
description | The version of MyBB installed on the remote host is affected by a global variable overwrite vulnerability due to a failure to properly initialize global variables in the global.php script. A remote, unauthenticated attacker can exploit this issue to overwrite global variables to launch a SQL injection attack against the application, as well as other attacks using GET or POST HTTP requests. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21239 |
published | 2006-04-17 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21239 |
title | MyBB global.php 'KILL_GLOBAL' Overwrite SQL Injection |
References
- http://community.mybboard.net/showthread.php?tid=8232
- http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html
- http://secunia.com/advisories/19668
- http://www.osvdb.org/24710
- http://www.osvdb.org/24711
- http://www.securityfocus.com/archive/1/431061/30/5580/threaded
- http://www.vupen.com/english/advisories/2006/1381
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25865