Description In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. Remediation References CVE-2017-8104 Related Vulnerabilities Sqlite Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2023-7104) Jenkins Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2017-1000503) Microsoft SQL Server CVE-2023-29349 Vulnerability (CVE-2023-29349) Oracle Database Server CVE-2020-2734 Vulnerability (CVE-2020-2734) Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41304) Severity Medium Classification CVE-2017-8104 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Tags Missing Update Known Vulnerabilities