Vulnerability Description
MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mybb | Mybb | 1.4.2 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html (Broken Link, Exploit)
- http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html (Broken Link, Exploit)
- http://www.openwall.com/lists/oss-security/2008/11/01/2 (Exploit, Mailing List)
- http://www.securityfocus.com/bid/31936 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.vupen.com/english/advisories/2008/2967 (Broken Link)
FAQ
What is CVE-2008-4929?
CVE-2008-4929 is a vulnerability with a CVSS score of 7.5 (HIGH). MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing fil...
How severe is CVE-2008-4929?
CVE-2008-4929 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4929?
Check the references section above for vendor advisories and patch information. Affected products include: Mybb Mybb.