CVE-2006-3758

inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-07-21 14:03

Updated : 2024-02-28 10:42


NVD link : CVE-2006-3758

Mitre link : CVE-2006-3758

CVE.ORG link : CVE-2006-3758


JSON object : View

Products Affected

mybulletinboard

  • mybulletinboard