Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2009-4449

Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php.

  • Published: Dec 29, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-4449
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Medium
  • Score: 6.3
  • AV:N/AC:M/Au:S/C:C/I:N/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
mybboard / mybb 1.4.10 1.4.10.x