FreeBSD : mybb -- multiple vulnerabilities (beb6f4a8-add5-11de-8b55-0030843d3802)

High Nessus Plugin ID 41948


The remote FreeBSD host is missing a security-related update.


mybb team reports:

Input passed via avatar extensions is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by uploading specially named avatars.

The script allows signing up with usernames containing zero-width space characters, which can be exploited to e.g. conduct spoofing attacks.


Update the affected package.

Plugin Details

Severity: High

ID: 41948

File Name: freebsd_pkg_beb6f4a8add511de8b550030843d3802.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2009/10/01

Modified: 2015/01/19

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mybb, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/09/30

Vulnerability Publication Date: 2009/09/21

Reference Information

BID: 36460

Secunia: 36803