member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-12-30T20:00:00

Updated: 2024-08-07T03:51:17.919Z

Reserved: 2010-12-30T00:00:00

Link: CVE-2010-4628

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-12-30T21:00:02.643

Modified: 2017-08-17T01:33:16.290

Link: CVE-2010-4628

cve-icon Redhat

No data.