VYPR
Medium severity6.5NVD Advisory· Published Dec 29, 2009· Updated Jun 16, 2026

CVE-2009-4449

CVE-2009-4449

Description

Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • MyBB/Mybb2 versions
    cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mybb:mybb:1.4.10:*:*:*:*:*:*:*
    • (no CPE)range: <=1.4.10

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.