MyBB Versions Prior to 1.6.7 Multiple Security Vulnerabilities
BID:53417
Info
| Bugtraq ID: | 53417 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-2324, CVE-2012-2325, CVE-2012-2326, CVE-2012-2327 |
| Remote: | Yes |
| Local: | No |
| Published: | May 08 2012 12:00AM |
| Updated: | Aug 16 2012 01:20PM |
| Credit: | Nathan Malcolm and Jammerx2 |
| Vulnerable: | MyBB 1.6.6, MyBB 1.6.5, MyBB 1.6.4, MyBB 1.6.3, MyBB 1.6.2, MyBB 1.6.1, MyBB 1.4.16, MyBB 1.4.15, MyBB 1.4.14, MyBB 1.4.10, MyBB 1.4.9, MyBB 1.4.8, MyBB 1.4.7, MyBB 1.4.6, MyBB 1.4.5, MyBB 1.4.3, MyBB 1.4.2, MyBB 1.2.14, MyBB 1.2.12, MyBB 1.2.2, MyBB 1.2.1, MyBB 1.2, MyBB 1.6 |
| Not Vulnerable: | MyBB 1.6.7 |
Discussion
MyBB is prone to multiple security vulnerabilities including:
1. Multiple SQL-injection vulnerabilities
2. A cross-site scripting vulnerability
3. A path-disclosure vulnerability
Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker could also access sensitive data that may be used to launch further attacks against a vulnerable computer.
Versions prior to MyBB 1.6.7 are vulnerable.
Exploit / POC
Attackers can use a browser to exploit these issues. The attacker must trick an unsuspecting victim into following a malicious URI to exploit the cross-site scripting issue.
Solution / Fix
Solution:
Updates are available. Please see the references for more details.
References
References:
- CVE request: mybb before 1.6.7 (Hanno Böck)
- MyBB 1.6.7 Release, Merge 1.6.7 & MyBB 1.8 Development (MyBB)
- MyBB Homepage (MyBB)