CVE-2006-1912 - Cross-Site Scripting vulnerability in Mybulletinboard 1.10
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks. Upgrade to MyBB 1.1.1.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-DB
description | MyBB 1.1 Global Variable Overwrite Vulnerability. CVE-2006-1912. Webapps exploit for php platform |
id | EDB-ID:27667 |
last seen | 2016-02-03 |
modified | 2006-04-17 |
published | 2006-04-17 |
reporter | imei |
source | https://www.exploit-db.com/download/27667/ |
title | MyBB 1.1 Global Variable Overwrite Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | MYBB_GLOBAL_VARS_OVERWRITE.NASL |
description | The version of MyBB installed on the remote host is affected by a global variable overwrite vulnerability due to a failure to properly initialize global variables in the global.php script. A remote, unauthenticated attacker can exploit this issue to overwrite global variables to launch a SQL injection attack against the application, as well as other attacks using GET or POST HTTP requests. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21239 |
published | 2006-04-17 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21239 |
title | MyBB global.php 'KILL_GLOBAL' Overwrite SQL Injection |
References
- http://community.mybboard.net/showthread.php?tid=8232
- http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html
- http://secunia.com/advisories/19668
- http://www.osvdb.org/24710
- http://www.osvdb.org/24711
- http://www.securityfocus.com/archive/1/431061/30/5580/threaded
- http://www.vupen.com/english/advisories/2006/1381
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25865