Vulnerability Database

321,491

Total vulnerabilities in the database

CVE-2008-4929

MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.

Published: Nov 4, 2008
Updated: Nov 9, 2025
CVE: CVE-2008-4929
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-310
CWE-330

Affected Software
References

Software	From	Fixed in
mybb / mybb	1.4.2	1.4.2.x

http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html
http://www.openwall.com/lists/oss-security/2008/11/01/2
http://www.securityfocus.com/bid/31936
http://www.vupen.com/english/advisories/2008/2967

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo