oss-sec mailing list archives

CVE request: mybb before 1.6.7

From: Hanno Böck <hanno () hboeck de>
Date: Mon, 7 May 2012 18:40:41 +0200

According to release notes
http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
five security issues have been fixed:

SQL injection vulnerability within the Admin Control Panel (ACP) in
user search (reported by Nathan Malcolm, MyBB SQA Team)

SQL injection vulnerability within the ACP in Mail Log (reported by
Nathan Malcolm, MyBB SQA Team)

SQL injection vulnerability within the ACP in User Inline Moderation
(reported by Jammerx2, MyBB Developer)

XSS within the ACP where an orphaned attachment has a malformed
filename (reported by Nathan Malcolm, MyBB SQA Team)

Full Path Disclosure if malformed forumread cookie is used


Please assign CVEs

-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/

Attachment: signature.asc
Description:

Current thread:

CVE request: mybb before 1.6.7 Hanno Böck (May 07)
- Re: CVE request: mybb before 1.6.7 Kurt Seifried (May 07)