Vulnerabilities > CVE-2006-3954 - Unspecified vulnerability in Mybulletinboard

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

mybulletinboard

NVD

Published: 2006-08-01

Updated: 2024-11-21

Summary

Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.

Vulnerable Configurations

Part	Description	Count
Application	Mybulletinboard Mybulletinboard Mybulletinboard 1.10 Mybulletinboard Mybulletinboard 1.14 Mybulletinboard Mybulletinboard 1.0_Final Mybulletinboard Mybulletinboard 1.1.1 Mybulletinboard Mybulletinboard 1.0_Rc4 Mybulletinboard Mybulletinboard 1.00_Rc4 Mybulletinboard Mybulletinboard 1.00_Rc3 Mybulletinboard Mybulletinboard 1.1.3 Mybulletinboard Mybulletinboard 1.20 Mybulletinboard Mybulletinboard 1.0.3 Mybulletinboard Mybulletinboard 1.00_Rc4_Security_Patch Mybulletinboard Mybulletinboard 1.04 Mybulletinboard Mybulletinboard 1.01 Mybulletinboard Mybulletinboard 1.00_Rc1 Mybulletinboard Mybulletinboard 1.1.5 Mybulletinboard Mybulletinboard 1.0_Pr2 Mybulletinboard Mybulletinboard 1.00_Rc2 Mybulletinboard Mybulletinboard 1.1 Mybulletinboard Mybulletinboard 1.1.4 Mybulletinboard Mybulletinboard 1.0.1 Mybulletinboard Mybulletinboard 1.0.4 Mybulletinboard Mybulletinboard 1.1.2 Mybulletinboard Mybulletinboard 1.0.2 Mybulletinboard Mybulletinboard 1.0_Rc2 Mybulletinboard Mybulletinboard 1.1.7 Mybulletinboard Mybulletinboard 1.0_Preview_Release_2	26

Summary

Vulnerable Configurations

References