Security Advisory

CVE-2006-1912

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-04-20 18:00:00

Last updated 2024-08-07 17:27:29

Assigner mitre

State PUBLISHED

Description

MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.

← Browse all CVEs View on cve.org ↗