CVE-2006-0219

The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.

Published: Jan 16, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-0219
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mybulletinboard / mybulletinboard	1.0_final	1.0_final.x
mybulletinboard / mybulletinboard	1.01	1.01.x
mybulletinboard / mybulletinboard	1.0.2	1.0.2.x
mybulletinboard / mybulletinboard	1.0_preview_release_2	1.0_preview_release_2.x

http://community.mybboard.net/showthread.php?tid=5853&pid=35088#pid35088
http://community.mybboard.net/showthread.php?tid=5853&pid=35151#pid35151
http://community.mybboard.net/showthread.php?tid=5960
http://www.securityfocus.com/bid/16230
https://exchange.xforce.ibmcloud.com/vulnerabilities/24115

Vulnerability Database

289,784

CVE-2006-0219