Description

MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database information via vectors involving templates.

Remediation

References

CVE-2016-9410

Related Vulnerabilities

Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3655)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress PHP Object Injection (3.6.12)

WordPress Plugin WPE Indoshipping Multiple Remote File Inclusion Vulnerabilities (2.5.0)

phpBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-16108)

Apache Tomcat Improper Input Validation Vulnerability (CVE-2013-4286)

Severity

High

Classification

CVE-2016-9410 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities