[VIM] Vendor ACK of MyBB issue
Steven M. Christey
coley at mitre.org
Tue Nov 22 19:41:53 EST 2005
Vendor acknowledgement of CVE-2005-3326 (usercp.php?awayday SQL
injection in MyBB) is at:
http://community.mybboard.net/showthread.php?tid=4507&pid=27223#pid27223
along with a small reference to a DoS, which is alluded to in
SECUNIA:17577.
The forum post "MyBB PR2 Security Update [1/11/05]" identifies "The
major security issue could allow your board to be compromised via an
SQL injection based vulnerability... discovered on the 26th
October..." and includes usercp.php in the patched files, which shows
cleansing of the awayday parameter. The date also aligns with the
Bugtraq post.
- Steve