Description

The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.

Remediation

References

CVE-2016-9411

Related Vulnerabilities

WordPress Plugin Community by PeepSo-Social Network, Membership, Registration, User Profiles Multiple Vulnerabilities (1.11.5)

PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3796)

WordPress Plugin Stock in & out Cross-Site Scripting (1.0.4)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28979)

WordPress Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-6762)

Severity

Medium

Classification

CVE-2016-9411 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities