Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MyBB Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-8104)

Description

In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.

Remediation

References

Related Vulnerabilities

OpenSSL Cryptographic Issues Vulnerability (CVE-2013-6449)

WordPress 6.2.x Shortcode Execution (6.2 - 6.2.1)

Squid Insufficient Verification of Data Authenticity Vulnerability (CVE-2016-4553)

MySQL CVE-2019-2819 Vulnerability (CVE-2019-2819)

WordPress Plugin Delete All Comments Arbitrary File Upload (2.0)

Severity

Medium

Classification

CVE-2017-8104 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities