KLA10465
Multiple vulnerabilities in MyBB
Обновлено: 17/06/2019
Дата обнаружения
18/03/2015
Уровень угрозы
High
Описание

Multiple serious vulnerabilities have been found in MyBB. Malicious users can exploit these vulnerabilities to obtain sensitive information or conduct cross site scrtipting.

Below is a complete list of vulnerabilities

  1. An unknown vulnerability can be exploited remotely via vectors related to JSON;
  2. CSRF vulnerability can be exploited remotely via unknown vectors;
  3. XSS vulnerability can be exploited remotely via vectors related to administrative backend;
Пораженные продукты

MyBB versions earlier than 1.8.4

Решение

Update to latest version!
Get MyBB

Первичный источник обнаружения
MyBB DevBlog
Оказываемое влияние
?
OSI 
[?]

CI 
[?]
CVE-IDS
CVE-2015-23346.8High
CVE-2015-23355.0Critical
CVE-2015-23324.3Warning
CVE-2015-23334.3Warning
CVE-2015-21493.5Warning