Vulnerabilities > CVE-2006-2908 - Unspecified vulnerability in Mybulletinboard 1.1.2

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

mybulletinboard

exploit available

NVD

Published: 2006-06-13

Updated: 2024-11-21

Summary

The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.

Vulnerable Configurations

Part	Description	Count
Application	Mybulletinboard Mybulletinboard Mybulletinboard 1.1.2	1

Exploit-Db

description	MyBulletinBoard (MyBB) < 1.1.3 Remote Code Execution Exploit. CVE-2006-2908. Webapps exploit for php platform
id	EDB-ID:1909
last seen	2016-01-31
modified	2006-06-13
published	2006-06-13
reporter	Javier Olascoaga
source	https://www.exploit-db.com/download/1909/
title	MyBulletinBoard MyBB < 1.1.3 - Remote Code Execution Exploit

Packetstorm

data source	https://packetstormsecurity.com/files/download/47417/mybibi_pl.txt
id	PACKETSTORM:47417
last seen	2016-12-05
published	2006-06-15
reporter	Javier Olascoaga
source	https://packetstormsecurity.com/files/47417/mybibi_pl.txt.html
title	mybibi_pl.txt

Summary

Vulnerable Configurations

Exploit-Db

Packetstorm

References