Description

The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown vectors.

Remediation

References

CVE-2015-2352

Related Vulnerabilities

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9701)

WordPress Plugin Facebook for WooCommerce Cross-Site Request Forgery (1.9.14)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4901)

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.0.05)

WordPress Plugin All-in-One Event Calendar Multiple Cross-Site Scripting Vulnerabilities (1.5)

Severity

High

Classification

CVE-2015-2352

Tags

Missing Update Known Vulnerabilities