MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00725
Percentile: 0.71642
CVSS Scoring
CVSS v3.1 Score: 7.5
Severity: HIGH
Mapped CWE(s)
CWE-330 : Use of Insufficiently Random Values
All CAPEC(s)
CAPEC-112 : Brute Force
CAPEC-485 : Signature Spoofing by Key Recreation
CAPEC-59 : Session Credential Falsification through Prediction
CAPEC(s) with Mapped TTPs
CAPEC-112 : Brute Force
Mapped TTPs:
CAPEC-485 : Signature Spoofing by Key Recreation
Mapped TTPs:
Mapped ATT&CK TTPs
T1110 : Brute Force
Kill Chain: credential-access
T1552.004 : Private Keys
Kill Chain: credential-access
Malware
APTs Threat Group Associations
Campaigns
Operation Wocao
SolarWinds Compromise
2016 Ukraine Electric Power Attack
Operation Dream Job
Affected Products
cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me