VID: 210092
Severity: 40
Port: 80, ...
Protocol: TCP
Class: CGI
Detailed Description:
MyBulletinBoard (MyBB) is a freely available forum package written in PHP with a MySQL backend. MyBulletinBoard version 1.2.10 and earlier is vulnerable to code execution via the 'forumdisplay.php' script: user-supplied input passed in the 'sortby' parameter is not validated before it is used in an eval() function call. A remote attacker could exploit this vulnerability to inject and execute arbitrary PHP code, and through it arbitrary commands, with the privileges of the web server. In addition, the installed version might be vulnerable to an SQL injection vulnerability in the 'moderation.php' script and to a command execution vulnerability in the 'search.php' script.
* References:
  http://community.mybboard.net/showthread.php?tid=27227
  http://www.waraxe.us/advisory-61.html
  http://www.securityfocus.com/archive/1/486434/30/0/threaded
  http://www.milw0rm.com/exploits/4927
  http://www.milw0rm.com/exploits/4928
  http://secunia.com/advisories/28509
* Platforms Affected: MyBB Group, MyBulletinBoard versions 1.2.10 and earlier; any operating system, any version
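The bug class the description refers to, shown as an added example beside an allowlist-based fix. This is not MyBB's code: the function names, the template fragment, the sample payload and the list of allowed sort keys are assumptions made for the illustration.

```php
<?php
// Added illustration of eval() injection through a request parameter.
// NOT MyBB's code: function names, template fragment and the allowed sort
// keys below are assumed for the example.

// Constructed request parameter, as an attacker would supply it in the URL
// (?sortby=...). Everything after the first "]" is attacker-controlled PHP.
$_GET['sortby'] = "x'] = 1; \$orderarrow['injected'] = 'attacker code ran'; \$y['";

// Vulnerable pattern: the raw parameter is interpolated into a string that
// is then handed to eval(). The quote and bracket in the payload close the
// intended array index, and the rest of the payload runs as PHP source.
function vulnerable_orderarrow($sortby)
{
    $orderarrow = array();
    eval("\$orderarrow['$sortby'] = '<span class=\"arrow\">&darr;</span>';");
    return $orderarrow;
}

// Hardened pattern: validate the value against an allowlist of known sort
// keys and never build PHP source from it. No eval() is needed at all.
function safe_orderarrow($sortby)
{
    // Assumed set of legitimate sort keys for the example.
    $allowed = array('subject', 'starter', 'started', 'lastpost', 'replies', 'views');
    if (!in_array($sortby, $allowed, true)) {
        $sortby = 'lastpost';   // fall back to a known-good default
    }
    return array($sortby => '<span class="arrow">&darr;</span>');
}

$arrows = vulnerable_orderarrow($_GET['sortby']);
if (isset($arrows['injected'])) {
    echo "vulnerable_orderarrow: injected statement executed\n";
}

$arrows = safe_orderarrow($_GET['sortby']);
echo "safe_orderarrow keys: " . implode(',', array_keys($arrows)) . "\n";
```

The fix is the allowlist, not escaping: the parameter selects one of a fixed set of behaviours, so it should never reach eval() as source text in the first place. The same check applies to any other request parameter that ends up inside an eval() call or a dynamically built template string.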
Recommendation:
Upgrade to the latest version of MyBB (1.2.11 or later), available from the MyBB Download Web site at http://www.mybb.com/downloads
Related URL: CVE-2008-0382 (CVE)
Related URL: 27322 (SecurityFocus)
Related URL: 39738 (ISS)