Description

MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page.

Remediation

References

CVE-2010-4625

Related Vulnerabilities

Ruby on Rails Deserialization of Untrusted Data Vulnerability (CVE-2020-8164)

WordPress Plugin Simple Feature Requests Free Unspecified Vulnerability (1.0.4)

WordPress Plugin Easy Plugin for AdSense Cross-Site Request Forgery (6.06)

Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2513)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-0973)

Severity

Medium

Classification

CVE-2010-4625 CWE-200

Tags

Missing Update Known Vulnerabilities