Vulnerabilities > Mybb

DATE CVE VULNERABILITY TITLE RISK
2017-04-24 CVE-2017-8104 Path Traversal vulnerability in Mybb
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
network
low complexity
mybb CWE-22
5.0
2017-04-24 CVE-2017-8103 Cross-site Scripting vulnerability in Mybb
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
network
mybb CWE-79
4.3
2017-04-06 CVE-2017-7566 Server-Side Request Forgery (SSRF) vulnerability in Mybb
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
network
low complexity
mybb CWE-918
4.0
2017-01-31 CVE-2016-9421 Cross-site Scripting vulnerability in Mybb Merge System and Mybb
Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
mybb CWE-79
4.3
2017-01-31 CVE-2016-9420 Improper Input Validation vulnerability in Mybb Merge System and Mybb
MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to "loose comparison false positives."
network
low complexity
mybb CWE-20
7.5
2017-01-31 CVE-2016-9419 Cross-site Scripting vulnerability in Mybb
Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
mybb CWE-79
4.3
2017-01-31 CVE-2016-9418 Information Exposure vulnerability in Mybb Merge System and Mybb
MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a short name.
network
low complexity
mybb microsoft CWE-200
5.0
2017-01-31 CVE-2016-9417 Server-Side Request Forgery (SSRF) vulnerability in Mybb Merge System and Mybb
The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
network
mybb CWE-918
5.8
2017-01-31 CVE-2016-9416 SQL Injection vulnerability in Mybb Merge System and Mybb
SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
mybb CWE-89
7.5
2017-01-31 CVE-2016-9415 Improper Access Control vulnerability in Mybb Merge System and Mybb
MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import."
network
low complexity
mybb microsoft CWE-284
5.0