Vulnerability Details : CVE-2018-1000503
MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15.
Products affected by CVE-2018-1000503
- cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1000503
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 20 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1000503
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2018-1000503
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1000503
-
http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html
Local File Inclusion and reading password-protected forums in MyBBThird Party Advisory
-
https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/
MyBB 1.8.15 Released — Security & Maintenance Release | MyBB BlogVendor Advisory
Jump to