Description

MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.

Remediation

References

CVE-2008-4929

Related Vulnerabilities

ATutor Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3368)

TYPO3 CVE-2023-38499 Vulnerability (CVE-2023-38499)

WordPress Plugin GB Gallery Slideshow SQL Injection (1.2)

Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-0272)

WordPress Plugin Event Calendar WD-Responsive Event Calendar Multiple Cross-Site Scripting Vulnerabilities (1.1.21)

Severity

Medium

Classification

CVE-2008-4929

Tags

Missing Update Known Vulnerabilities