CVE-2006-3954

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:N/A
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Published on 01/08/06 - Updated on 05/09/08

Description

Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.

Category:

There is insufficient information about the issue to classify it; details are unknown or unspecified.

Security Notices

US National Vulnerability DatabaseCVE-2006-3954

Exploits

SecurityFocusBID-19195

Relative technologies

VendorProduct
mybulletinboardmybulletinboard

Share this vulnerability with:

Twitter Facebook LinkedIn Mail