NVD

Id
62426  
Name
CVE-2006-3758  
Description
inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2016-12-20  
Published
2006-07-21  
Modified Date
2008-09-05  
Seq
2006-3758  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
323925 62426 CVE-2006-3758 http://community.mybboard.net/showthread.php?tid=10115  View
323926 62426 CVE-2006-3758 http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html  View
323927 62426 CVE-2006-3758 http://www.mybboard.com/archive.php?nid=15  View
323928 62426 CVE-2006-3758 mybb-index-sql-injection(27445)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
60584 JVNDB-2006-002850 MyBB の Archive Model の inc/init.php における任意の変数を上書きされる脆弱性 MyBB の Archive Model (Light) の inc/init.php は、HTTP POST および GET 変数で EXTR_OVERWRITE を伴う展開関数を呼び出しするため、任意の変数を上書きされる脆弱性が存在します。 CVE-2006-3758 19860 CVE-2006-3758 62426 7.5 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-002850.html 2006-06-27 2012-12-20 View