Description
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.
Remediation
References
Related Vulnerabilities
PostgreSQL Other Vulnerability (CVE-2005-1410)
MySQL NULL Pointer Dereference Vulnerability (CVE-2021-22570)
Atlassian Jira CVE-2019-20402 Vulnerability (CVE-2019-20402)
WordPress Plugin Import all XML, CSV & TXT into WordPress Multiple Vulnerabilities (6.5.7)
WordPress Plugin Browser Screenshots Cross-Site Scripting (1.7.5)