Vulnerability Details : CVE-2010-4628
member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-4628
Probability of exploitation activity in the next 30 days: 2.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-4628
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
References for CVE-2010-4628
-
http://openwall.com/lists/oss-security/2010/10/08/7
oss-security - CVE request: mybb before 1.4.11 and before 1.4.12
-
http://dev.mybboard.net/issues/662
-
http://openwall.com/lists/oss-security/2010/12/06/2
oss-security - Re: CVE request: mybb before 1.4.11 and before 1.4.12
-
http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/
MyBB 1.4.12 Released – Security & Maintenance Update | MyBB BlogPatch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/64514
MyBB SQL COUNT denial of service CVE-2010-4628 Vulnerability Report
-
http://openwall.com/lists/oss-security/2010/10/11/8
oss-security - Re: CVE request: mybb before 1.4.11 and before 1.4.12
Products affected by CVE-2010-4628
- cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:mybb:mybb:1.4.6:*:*:*:*:*:*:*