MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import."
Max CVSS
7.5
EPSS Score
0.33%
Published
2017-01-31
Updated
2017-02-05
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.22%
Published
2017-01-31
Updated
2017-02-05
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy.
Max CVSS
9.8
EPSS Score
0.48%
Published
2017-01-31
Updated
2017-02-05
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.
Max CVSS
8.3
EPSS Score
0.25%
Published
2017-01-31
Updated
2017-02-05
4 vulnerabilities found