VYPR

MyBB

by MyBB

CVEs (180)

  • CVE-2017-16780 · Critical · Nov 10, 2017
    risk 0.67 · cvss 9.8 · epss 0.06

    The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.

  • CVE-2015-8974 · Critical · Jan 31, 2017
    risk 0.65 · cvss 10.0 · epss 0.02

    SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-9420 · Critical · Jan 31, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to "loose comparison false positives."

  • CVE-2016-9416 · Critical · Jan 31, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-9412 · Critical · Jan 31, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy.

  • CVE-2016-9403 · Critical · Jan 31, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check.

  • CVE-2016-9402 · Critical · Jan 31, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2015-8973 · High · Jan 31, 2017
    risk 0.54 · cvss 8.3 · epss 0.02

    xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.

  • CVE-2017-7566 · High · Apr 6, 2017
    risk 0.50 · cvss 7.7 · epss 0.02

    MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.

  • CVE-2016-9418 · High · Jan 31, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a short name.

  • CVE-2016-9415 · High · Jan 31, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import."

  • CVE-2016-9414 · High · Jan 31, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories.

  • CVE-2016-9410 · High · Jan 31, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database information via vectors involving templates.

  • CVE-2015-8977 · High · Jan 31, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.

  • CVE-2008-4929 · High · Nov 4, 2008
    risk 0.49 · cvss 7.5 · epss 0.02

    MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.

  • CVE-2016-9417 · High · Jan 31, 2017
    risk 0.48 · cvss 7.4 · epss 0.02

    The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.

  • CVE-2018-25309 · High · Apr 29, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary…

  • CVE-2018-17128 · Medium · Sep 17, 2018
    risk 0.44 · cvss 5.4 · epss 0.75

    A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.

  • CVE-2018-15596 · Medium · Aug 28, 2018
    risk 0.43 · cvss 6.1 · epss 0.02

    An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't…

  • CVE-2016-9413 · Medium · Jan 31, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
