CVE Vulnerabilities

CVE-2010-4628

Published: Dec 30, 2010 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.

Affected Software

Name Vendor Start Version End Version
Mybb Mybb 1.00 1.00
Mybb Mybb 1.01 1.01
Mybb Mybb 1.1.0 1.1.0
Mybb Mybb 1.1.1 1.1.1
Mybb Mybb 1.1.2 1.1.2
Mybb Mybb 1.1.3 1.1.3
Mybb Mybb 1.1.4 1.1.4
Mybb Mybb 1.1.5 1.1.5
Mybb Mybb 1.1.6 1.1.6
Mybb Mybb 1.1.7 1.1.7
Mybb Mybb 1.1.8 1.1.8
Mybb Mybb 1.02 1.02
Mybb Mybb 1.2 1.2
Mybb Mybb 1.2.0 1.2.0
Mybb Mybb 1.2.1 1.2.1
Mybb Mybb 1.2.2 1.2.2
Mybb Mybb 1.2.3 1.2.3
Mybb Mybb 1.2.4 1.2.4
Mybb Mybb 1.2.5 1.2.5
Mybb Mybb 1.2.6 1.2.6
Mybb Mybb 1.2.7 1.2.7
Mybb Mybb 1.2.8 1.2.8
Mybb Mybb 1.2.9 1.2.9
Mybb Mybb 1.2.10 1.2.10
Mybb Mybb 1.2.11 1.2.11
Mybb Mybb 1.2.12 1.2.12
Mybb Mybb 1.2.13 1.2.13
Mybb Mybb 1.03 1.03
Mybb Mybb 1.04 1.04
Mybb Mybb 1.4.0 1.4.0
Mybb Mybb 1.4.2 1.4.2
Mybb Mybb 1.4.3 1.4.3
Mybb Mybb 1.4.6 1.4.6
Mybb Mybb 1.4.8 1.4.8
Mybb Mybb 1.4.9 1.4.9
Mybb Mybb 1.4.10 1.4.10
Mybb Mybb * 1.4.11

References