CVE-2008-4930

Published: Nov 4, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks.

Affected (1)

Products: Mybb: Mybb

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mybb Mybb	Version 1.4.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html

Source: cve@mitre.org

http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2008/11/01/2

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2008/11/01/2

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.