Description

MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories.

Remediation

References

CVE-2016-9414

Related Vulnerabilities

CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4060)

Oracle Application Server CVE-2009-0996 Vulnerability (CVE-2009-0996)

WordPress Plugin Gallery for Social Photo Cross-Site Request Forgery (1.0.0.27)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4303)

WordPress Plugin YITH WooCommerce Multi Vendor Cross-Site Scripting (3.8.0)

Severity

High

Classification

CVE-2016-9414 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities