CVE-2006-3954
Summary
Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.
- LOW
- NETWORK
- NONE
- NONE
- PARTIAL
- NONE
References
Advisory Timeline
- Published