Vulnerabilities > CVE-2007-0689 - Information Disclosure vulnerability in MyBB

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mybb

NVD

Published: 2007-05-14

Updated: 2018-10-16

Summary

MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.

Vulnerable Configurations

Part	Description	Count
Application	Mybb Mybb Mybb 1.0 Mybb Mybb 1.00 Mybb Mybb 1.0.2 Mybb Mybb 1.01 Mybb Mybb 1.1.0 Mybb Mybb 1.1.1 Mybb Mybb 1.1.2 Mybb Mybb 1.1.3 Mybb Mybb 1.1.4 Mybb Mybb 1.1.5 Mybb Mybb 1.1.6 Mybb Mybb 1.1.7 Mybb Mybb 1.1.8 Mybb Mybb 1.02 Mybb Mybb 1.2 Mybb Mybb 1.2.0 Mybb Mybb 1.2.1 Mybb Mybb 1.2.2 Mybb Mybb 1.2.3 Mybb Mybb 1.2.4	27

References

http://marc.info/?l=full-disclosure&m=117909973216181&w=2
http://osvdb.org/35548
http://osvdb.org/35549
http://www.netvigilance.com/advisory0017
http://www.osvdb.org/34155
http://www.securityfocus.com/archive/1/468549/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/34336