Vulnerabilities > Mybb > Mybb > 1.4.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-12-30 | CVE-2010-4628 | Unspecified vulnerability in MyBB: member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table. | 5.0 |
2010-12-30 | CVE-2010-4627 | Cross-Site Request Forgery (CSRF) vulnerability in MyBB: Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2010-12-30 | CVE-2010-4626 | Cryptographic Issues vulnerability in MyBB: The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack. | 5.1 |
2010-12-30 | CVE-2010-4625 | Information Exposure vulnerability in MyBB: MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page. | 5.0 |
2010-12-30 | CVE-2010-4624 | Permissions, Privileges, and Access Controls vulnerability in MyBB: MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created. | 3.5 |