High severity7.5NVD Advisory· Published Nov 4, 2008· Updated Apr 23, 2026

CVE-2008-4929

Description

MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.

Affected products

MyBB/Mybb
cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2008-10/0203.htmlnvdBroken LinkExploit
archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.htmlnvdBroken LinkExploit
www.openwall.com/lists/oss-security/2008/11/01/2nvdExploitMailing List
www.securityfocus.com/bid/31936nvdBroken LinkThird Party AdvisoryVDB Entry
www.vupen.com/english/advisories/2008/2967nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000