Vulnerability Details : CVE-2006-0219
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.
Vulnerability category: Sql Injection
Products affected by CVE-2006-0219
- cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*
- cpe:2.3:a:mybulletinboard:mybulletinboard:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-0219
0.31%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 66 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-0219
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2006-0219
-
http://community.mybboard.net/showthread.php?tid=5853&pid=35088#pid35088
-
http://community.mybboard.net/showthread.php?tid=5853&pid=35151#pid35151
-
http://community.mybboard.net/showthread.php?tid=5960
Patch
-
http://www.securityfocus.com/bid/16230
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/24115
Jump to