Vulnerabilities > Mybb > Mybb > 1.8.8

DATE CVE VULNERABILITY TITLE RISK
2017-11-10 CVE-2017-16780 Cross-Site Request Forgery (CSRF) vulnerability in Mybb
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
network
low complexity
mybb CWE-352
7.5
7.5
2017-04-24 CVE-2017-8104 Path Traversal vulnerability in Mybb
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
network
low complexity
mybb CWE-22
5.0
5.0
2017-04-24 CVE-2017-8103 Cross-site Scripting vulnerability in Mybb
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
network
mybb CWE-79
4.3
4.3
2017-04-06 CVE-2017-7566 Server-Side Request Forgery (SSRF) vulnerability in Mybb
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
network
low complexity
mybb CWE-918
4.0
4.0