MyBB Multiple Security Vulnerabilities
BID:50816
Info
| Bugtraq ID: | 50816 |
| Class: | Input Validation Error |
| CVE: | CVE-2011-5131, CVE-2011-5133, CVE-2011-5132 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 25 2011 12:00AM |
| Updated: | Apr 13 2015 09:05PM |
| Credit: | labrocca, Will G, Nathan Malcolm |
| Vulnerable: | MyBB 1.6.4, MyBB 1.6.3, MyBB 1.6.2, MyBB 1.6.1, MyBB 1.6 |
| Not Vulnerable: | MyBB 1.6.5 |
Discussion
MyBB is prone to a cross-site scripting vulnerability, a cross-site request-forgery vulnerability, and an unspecified vulnerability.
An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible.
Versions prior to MyBB 1.6.5 are vulnerable.
Exploit / POC
To exploit these issues, an attacker must entice an unsuspecting victim to follow a malicious URI or visit a malicious website.
Solution / Fix
Solution:
Updates are available. Please see the references for more details.
References
References:
- MyBB Homepage (MyBB)
- CSRF vulnerability in ?language= (Diogo Parrinha)
- MyBB 1.6.5 Released – Feature Update, Security & Maintenance Release (MyBB)