Detections
Analytics

FreeBSD : mybb -- multiple vulnerabilities (beb6f4a8-add5-11de-8b55-0030843d3802)

high Nessus Plugin ID 41948

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

mybb team reports :

Input passed via avatar extensions is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by uploading specially named avatars.

The script allows to sign up with usernames containing zero width space characters, which can be exploited to e.g. conduct spoofing attacks.

Solution

Update the affected package.

See Also

http://dev.mybboard.net/issues/464

http://dev.mybboard.net/issues/418

http://www.nessus.org/u?ffbe4fb6

http://www.nessus.org/u?f9b8f04a

Plugin Details

Severity: High

ID: 41948

File Name: freebsd_pkg_beb6f4a8add511de8b550030843d3802.nasl

Version: 1.14

Type: local

Published: 10/1/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mybb, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/30/2009

Vulnerability Publication Date: 9/21/2009

Reference Information

BID: 36460

Secunia: 36803