MyBB 'set_common_header()' Email BCC Header Injection Vulnerability
BID:39400
Info
| Bugtraq ID: | 39400 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2010 12:00AM |
| Updated: | Apr 13 2010 04:33PM |
| Credit: | Stefan Esser |
| Vulnerable: | MyBulletinBoard MyBulletinBoard 1.4.11 |
| Not Vulnerable: | MyBulletinBoard MyBulletinBoard 1.4.12 |
Discussion
MyBB is prone to a vulnerability that may allow attackers to inject arbitrary BCC headers into emails sent to MyBB users.
This issue may allow attackers to obtain sensitive information.
Versions of MyBB prior to 1.4.12 are affected.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- MyBB 1.4.12 Released - Security & Maintenance Update (MyBulletinBoard)
- MyBB Password Reset Email BCC: Injection Vulnerability (Stefan Esser)
- MyBulletinBoard Homepage (MyBulletinBoard)