inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.
References
Configurations
History
21 Nov 2024, 00:14
Type | Values Removed | Values Added |
---|---|---|
References | () http://community.mybboard.net/showthread.php?tid=10115 - | |
References | () http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html - | |
References | () http://secunia.com/advisories/20873 - Patch, Vendor Advisory | |
References | () http://www.mybboard.com/archive.php?nid=15 - | |
References | () http://www.osvdb.org/26809 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/27445 - |
Information
Published : 2006-07-21 14:03
Updated : 2024-11-21 00:14
NVD link : CVE-2006-3758
Mitre link : CVE-2006-3758
CVE.ORG link : CVE-2006-3758
JSON object : View
Products Affected
mybulletinboard
- mybulletinboard
CWE