Description

MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.

Remediation

References

CVE-2010-4624

Related Vulnerabilities

WordPress Plugin WP with Spritz Local/Remote File Inclusion (1.0)

WordPress Plugin Visual CSS Style Editor Security Bypass (7.1.9)

phpMyAdmin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-6614)

WordPress Plugin Related YouTube Videos Cross-Site Request Forgery (1.9.8)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17302)

Severity

Low

Classification

CVE-2010-4624 CWE-264

Tags

Missing Update Known Vulnerabilities