MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9414)

Description

MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories.

Remediation

References

CVE-2016-9414

Related Vulnerabilities

XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0611)

Jboss EAP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1048)

WebLogic CVE-2020-2798 Vulnerability (CVE-2020-2798)

WordPress Plugin Visual Form Builder Cross-Site Scripting (3.0.3)

Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-3719)

Severity

High

Classification

CVE-2016-9414 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N