Description In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. Remediation References CVE-2017-8104 Related Vulnerabilities WordPress Plugin Nextend Google Connect Cross-Site Scripting (1.5.2) WordPress Plugin WP Customer Reviews Unspecified Vulnerability (3.0.7) WordPress Plugin Price Commander for WooCommerce Security Bypass (1.2.2) Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13588) WordPress Plugin WordPress Social Stream Information Disclosure (1.6) Severity Medium Classification CVE-2017-8104 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Tags Missing Update Known Vulnerabilities