CVE-2006-0219

critical

Description

The original distribution package for updating MyBulletinBoard (MyBB) from older versions to 1.0.2 omits certain critical files or includes older versions of them, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24115

http://www.securityfocus.com/bid/16230

http://community.mybboard.net/showthread.php?tid=5960

http://community.mybboard.net/showthread.php?tid=5853&pid=35151#pid35151

http://community.mybboard.net/showthread.php?tid=5853&pid=35088#pid35088

Details

Source: Mitre, NVD

Published: 2006-01-16

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00383