Description

xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.

Remediation

References

CVE-2015-8973

Related Vulnerabilities

Drupal CVE-2008-4793 Vulnerability (CVE-2008-4793)

WordPress Plugin WP-Stats-Dashboard SQL Injection (2.9.4)

WordPress Plugin FluentSMTP-WP Mail SMTP, Amazon SES, SendGrid, MailGun and Any SMTP Connector Cross-Site Scripting (2.0.0)

Ampache Improper Authentication Vulnerability (CVE-2007-4438)

CubeCart Improper Input Validation Vulnerability (CVE-2013-1465)

Severity

High

Classification

CVE-2015-8973 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities