oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-request: MyBB before 1.6.1

From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 08 May 2012 14:39:49 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/08/2012 02:37 AM, Henri Salo wrote:

Can I get 2010 CVE-identifiers for these two vulnerabilities,
thanks.

1. MyBB search.php keywords Parameter SQL Injection

MyBB contains a flaw that may allow an attacker to carry out an SQL
injection attack. The issue is due to the search.php script not
properly sanitizing user-supplied input to the keywords parameter.
This may allow an attacker to inject or manipulate SQL queries in
the back-end database, allowing for the manipulation or disclosure
of arbitrary data."""

Reference: http://osvdb.org/show/osvdb/70013 Advisory:
http://yehg.net/lab/pr0js/advisories/%5Bmybb1.6%5D_sql_injection

2. MyBB private.php keywords Parameter SQL Injection

MyBB contains a flaw that may allow an attacker to carry out an SQL
injection attack. The issue is due to the private.php script not
properly sanitizing user-supplied input to the keywords parameter.
This may allow an attacker to inject or manipulate SQL queries in
the back-end database, allowing for the manipulation or disclosure
of arbitrary data.


Merged, same reporter, same issue type, same version #. Please use
CVE-2010-5096 for these issues.


- Henri Salo



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPqYSVAAoJEBYNRVNeJnmTWgQP/2L9BbpAJ5tZLnD7NGNtFEee
wcfjZBbY7DhNBEVaXFwBd1HR5FM0ZBQen2NbxzhIYY2meYr4FWvxwAaLwUHy1Zmg
Lgl5vfXIKsi6tZdjwtRho+FdqN9a9Utx5vgk2VA4uVSyc8nL40ixjLJspc9tPtPV
ue8jXd4RHhY4MQeApzjSCDY+irrgddeAyQAncjE2nSKAIftWZurq9lZP4UQaXgUT
xTuxtHVkbK92zZgwPWDJE2U6el9hBNEoolGW6VcGsWdgiHgoyiI6Nlx+zJPIq4Nf
nLQHX1dhG+mcxT/RxbqxQtqywccv3FiuejxD+3JJPNcTy7jXrl/y3xQGYMtr53EW
FEVbOVR6gXh365DbDNTEgX+HJbOOo/6Mgr9rgrtBhI4LcXx+x6tXO3BCkTjtjgXG
Uc5VpBx+Uckxayx67YzXWSj/2cVrKqJGzhY0ZloHOYFLBF1DZMh0o9W6fkZFQYK9
8wa+p/Lt4kHCiPQBSLiIS2H5na8juMjVDqE5pQBeu5+kzc9Nco2sHqgFfYBwXWI0
J8c5pwlDEuwcLT+JcmkQPf/dtgwbhwcxYRyZ1t4AQ8Z+J/D8nDRYqCtiMisNYw/G
1HGpTB/vXzJYt08EiPlSX5wwRIv+2C9KKwZheir6iKZk7MAKcx6OWhDxMjMg2Zzs
mjRe+jvIUYvHWL2HO5wk
=+1R+
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: