CVE-2010-4628

member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
mybbmybb
𝑥
≤ 1.4.11
mybbmybb
1.00
mybbmybb
1.01
mybbmybb
1.1.0
mybbmybb
1.1.1
mybbmybb
1.1.2
mybbmybb
1.1.3
mybbmybb
1.1.4
mybbmybb
1.1.5
mybbmybb
1.1.6
mybbmybb
1.1.7
mybbmybb
1.1.8
mybbmybb
1.02
mybbmybb
1.2
mybbmybb
1.2.0
mybbmybb
1.2.1
mybbmybb
1.2.2
mybbmybb
1.2.3
mybbmybb
1.2.4
mybbmybb
1.2.5
mybbmybb
1.2.6
mybbmybb
1.2.7
mybbmybb
1.2.8
mybbmybb
1.2.9
mybbmybb
1.2.10
mybbmybb
1.2.11
mybbmybb
1.2.12
mybbmybb
1.2.13
mybbmybb
1.03
mybbmybb
1.04
mybbmybb
1.4.0
mybbmybb
1.4.2
mybbmybb
1.4.3
mybbmybb
1.4.6
mybbmybb
1.4.8
mybbmybb
1.4.9
mybbmybb
1.4.10
𝑥
= Vulnerable software versions
References
http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/
http://dev.mybboard.net/issues/662
http://openwall.com/lists/oss-security/2010/10/08/7
http://openwall.com/lists/oss-security/2010/10/11/8
http://openwall.com/lists/oss-security/2010/12/06/2
https://exchange.xforce.ibmcloud.com/vulnerabilities/64514
http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/
http://dev.mybboard.net/issues/662
http://openwall.com/lists/oss-security/2010/10/08/7
http://openwall.com/lists/oss-security/2010/10/11/8
http://openwall.com/lists/oss-security/2010/12/06/2
https://exchange.xforce.ibmcloud.com/vulnerabilities/64514