Description

MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php.

Remediation

References

CVE-2010-4629

Related Vulnerabilities

Joomla CVE-2006-4469 Vulnerability (CVE-2006-4469)

Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-6357)

Apache Tomcat Improper Input Validation Vulnerability (CVE-2013-4322)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2079)

Oracle JRE CVE-2020-2830 Vulnerability (CVE-2020-2830)

Severity

Medium

Classification

CVE-2010-4629 CWE-264

Tags

Missing Update Known Vulnerabilities