CVE-2008-4929

7.5 HIGH

Published: November 04, 2008 Modified: April 23, 2026

Description

MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html

Source: cve@mitre.org

Broken Link Exploit

http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html

Source: cve@mitre.org

Broken Link Exploit

http://www.openwall.com/lists/oss-security/2008/11/01/2

Source: cve@mitre.org

Exploit Mailing List

http://www.securityfocus.com/bid/31936

Source: cve@mitre.org

Broken Link Third Party Advisory VDB Entry

http://www.vupen.com/english/advisories/2008/2967

Source: cve@mitre.org

Broken Link

http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html