Description
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.
Remediation
References
Related Vulnerabilities
WordPress Plugin Profile Builder-User Profile & User Registration Forms Cross-Site Scripting (3.6.7)
SugarCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3803)
MySQL CVE-2019-2539 Vulnerability (CVE-2019-2539)
WordPress Plugin PDW Media File Browser 'upload.php' Arbitrary File Upload (1.1)
Oracle Database Server CVE-2006-0286 Vulnerability (CVE-2006-0286)