CVE-2008-0382

Mybulletinboard - Code Injection

Title source: rule

Description

Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Silentz · phpwebappsphp

https://www.exploit-db.com/exploits/4927

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by waraxe · textwebappsphp

https://www.exploit-db.com/exploits/4928

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://secunia.com/advisories/28509

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/486434/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27322

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4927

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4928

[Third Party Advisory] http://securityreason.com/securityalert/3559

Scores

EPSS 0.6449

EPSS Percentile 98.5%

Details

CWE

CWE-94

Status published

Products (19)

mybulletinboard/mybulletinboard 1.0

mybulletinboard/mybulletinboard 1.0.1

mybulletinboard/mybulletinboard 1.0.2

mybulletinboard/mybulletinboard 1.0.3

mybulletinboard/mybulletinboard 1.0.4

mybulletinboard/mybulletinboard 1.0_pr2

mybulletinboard/mybulletinboard 1.1

mybulletinboard/mybulletinboard 1.1.1

mybulletinboard/mybulletinboard 1.1.2

mybulletinboard/mybulletinboard 1.1.3

... and 9 more

Published Jan 22, 2008

Tracked Since Feb 18, 2026