Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-7566)

Description

MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.

Remediation

References

Related Vulnerabilities

WordPress Plugin NextGEN Gallery-WordPress Gallery 'nggallery-manage-gallery' HTML Injection (0.96)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (3.8.3)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.3)

WordPress Plugin Personalized WooCommerce Cart Page Cross-Site Request Forgery (2.4)

Mailman Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-12108)

Severity

High

Classification

CVE-2017-7566 CWE-918 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities