Vulnerabilities > CVE-2016-9417 - Server-Side Request Forgery (SSRF) vulnerability in Mybb Merge System and Mybb
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2016/11/10/8
- http://www.openwall.com/lists/oss-security/2016/11/10/8
- http://www.openwall.com/lists/oss-security/2016/11/18/1
- http://www.openwall.com/lists/oss-security/2016/11/18/1
- http://www.securityfocus.com/bid/94396
- http://www.securityfocus.com/bid/94396
- https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/
- https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/