Description

MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a short name.

Remediation

References

CVE-2016-9418

Related Vulnerabilities

PHP Other Vulnerability (CVE-2002-0986)

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-8098)

WordPress Plugin MC4WP:Mailchimp for WordPress Cross-Site Request Forgery (4.8.4)

WordPress Plugin Bilingual Linker Cross-Site Scripting (2.1.1)

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-3189)

Severity

High

Classification

CVE-2016-9418 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities