Description

The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.

Remediation

References

CVE-2016-9411

Related Vulnerabilities

WordPress Plugin WordPress Social Share, Social Login and Social Comments-Super Socializer Security Bypass (7.12.37)

Ruby 7PK - Security Features Vulnerability (CVE-2015-3900)

WordPress Plugin Feedify-Web Push Notifications Cross-Site Scripting (2.1.8)

XWiki Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-23619)

WordPress Plugin WordPress Alipay/Tenpay/PayPal SQL Injection (3.7.2)

Severity

Medium

Classification

CVE-2016-9411 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities