CVE DATABASE / CVE-2008-4929
CVE-2008-4929
CVSS 7.5 · HIGH
Summary
MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.
CVSS 3.1 breakdown
| Base score | 7.5 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | NONE |
| Availability | NONE |
Weakness type (CWE)
Affected products
Mybb mybb
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html
- http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html
- http://www.openwall.com/lists/oss-security/2008/11/01/2
- http://www.securityfocus.com/bid/31936
- http://www.vupen.com/english/advisories/2008/2967
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.