Detections
Analytics
MyBB < 1.4.12 Multiple Vulnerabilities
high Nessus Network Monitor Plugin ID 5513
Synopsis
The remote web server is running a PHP application that is vulnerable to multiple attack vectors.Description
The remote web server is running a version of MyBB earlier than 1.4.12. Such versions are potentially affected by multiple issues :- There is a weakness in the mechanism for generating random passwords. (Bug 843)
- It is possible to inject arbitrary headers into email sent to MyBB users.
- An unspecified XSRF issue exists in the usercp2.php script. (Bug 852)
Solution
Upgrade to MyBB 1.4.12 or later.See Also
http://blog.mybboard.net/2010/04/13/mybb-1-4-12-released-security-maintenance-update
Plugin Details
Severity: High
ID: 5513
Family: CGI
Published: 4/19/2010
Updated: 3/6/2019
Risk Information
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 7.3
Temporal Score: 6.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Patch Publication Date: 4/13/2010
Vulnerability Publication Date: 4/13/2010