CVE-2006-1282

Опубликовано: 19 мар. 2006

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages.

Ссылки

http://community.mybboard.net/showthread.php?tid=7368
Patch
http://kapda.ir/advisory-295.html
Exploit
Patch
Vendor Advisory
http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html
Exploit
http://www.securityfocus.com/archive/1/427747/100/0/threaded
http://www.securityfocus.com/bid/17097
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/25267
http://community.mybboard.net/showthread.php?tid=7368
Patch
http://kapda.ir/advisory-295.html
Exploit
Patch
Vendor Advisory
http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html
Exploit
http://www.securityfocus.com/archive/1/427747/100/0/threaded
http://www.securityfocus.com/bid/17097
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/25267

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:rc1:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:rc2:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:rc3:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:rc4:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00674

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-h836-xp2g-fcpr

github

почти 4 года назад