oss-sec mailing list archives
CVE request: mybb before 1.6.7
From: Hanno Böck <hanno () hboeck de>
Date: Mon, 7 May 2012 18:40:41 +0200
According to release notes
http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
five security issues have been fixed:

- SQL injection vulnerability within the Admin Control Panel (ACP) in user search (reported by Nathan Malcolm, MyBB SQA Team)
- SQL injection vulnerability within the ACP in Mail Log (reported by Nathan Malcolm, MyBB SQA Team)
- SQL injection vulnerability within the ACP in User Inline Moderation (reported by Jammerx2, MyBB Developer)
- XSS within the ACP where an orphaned attachment has a malformed filename (reported by Nathan Malcolm, MyBB SQA Team)
- Full Path Disclosure if malformed forumread cookie is used

Please assign CVEs

--
Hanno Böck
mail/jabber: hanno () hboeck de
GPG: BBB51E42
http://www.hboeck.de/