CVE-2010-4628 - Unspecified vulnerability in Mybb
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.
Vulnerable Configurations
References
- http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/
- http://dev.mybboard.net/issues/662
- http://openwall.com/lists/oss-security/2010/10/08/7
- http://openwall.com/lists/oss-security/2010/10/11/8
- http://openwall.com/lists/oss-security/2010/12/06/2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64514