KLA10465
Multiple vulnerabilities in MyBB
Updated: 06/01/2019
Detect date
?
03/18/2015
Severity
?
High
Description

Multiple serious vulnerabilities have been found in MyBB. Malicious users can exploit these vulnerabilities to obtain sensitive information or conduct cross site scrtipting.

Below is a complete list of vulnerabilities

  1. An unknown vulnerability can be exploited remotely via vectors related to JSON;
  2. CSRF vulnerability can be exploited remotely via unknown vectors;
  3. XSS vulnerability can be exploited remotely via vectors related to administrative backend;
Affected products

MyBB versions earlier than 1.8.4

Solution

Update to latest version!
Get MyBB

Original advisories

MyBB DevBlog

Impacts
?
OSI 
[?]

CI 
[?]
CVE-IDS
?
CVE-2015-23346.8High
CVE-2015-23355.0Critical
CVE-2015-23324.3Warning
CVE-2015-23334.3Warning
CVE-2015-21493.5Warning