CVE-2009-4448

Severity

50%

Complexity

99%

Confidentiality

48%

inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors.

inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 15 years ago

2009-12-29 20:41:00

Last updated 14 years ago

2011-01-04 06:37:00

Affected Software

MyBB (aka MyBulletinBoard) 1.4.10

1.4.10

References

http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update/

Patch

http://dev.mybboard.net/issues/600

Patch

http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functions_time.php

[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12

[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12

[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12

37906

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.