Описание
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page.
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-4625
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64517
- http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update
- http://community.mybb.com/thread-66255.html
- http://dev.mybboard.net/issues/809
- http://openwall.com/lists/oss-security/2010/10/08/7
- http://openwall.com/lists/oss-security/2010/10/11/8
- http://openwall.com/lists/oss-security/2010/12/06/2
Связанные уязвимости
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page.