|
|
CVE Reference: CVE-2006-3758 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-3758 |
|
|
Description: inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/27445 SAID Secunia Advisory: SA20873 OSVDB 26809 MISC http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html CONFIRM http://community.mybboard.net/showthread.php?tid=10115 http://www.mybboard.com/archive.php?nid=15 |
|
| Return to the previous page. |
