Описание
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php.
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-4629
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64513
- http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update
- http://dev.mybboard.net/issues/722
- http://dev.mybboard.net/projects/mybb/repository/revisions/4856
- http://openwall.com/lists/oss-security/2010/10/08/7
- http://openwall.com/lists/oss-security/2010/10/11/8
- http://openwall.com/lists/oss-security/2010/12/06/2
EPSS
CVE ID
Связанные уязвимости
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php.
EPSS