Description

The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.

Remediation

References

CVE-2016-9411

Related Vulnerabilities

OpenVPN AS Resource Management Errors Vulnerability (CVE-2014-8104)

XOOPS Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4851)

WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (4.0.1)

WordPress CVE-2012-2400 Vulnerability (CVE-2012-2400)

PHP Out-of-bounds Read Vulnerability (CVE-2019-11047)

Severity

Medium

Classification

CVE-2016-9411 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities