Description

xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.

Remediation

References

CVE-2015-8973

Related Vulnerabilities

Microsoft SQL Server Other Vulnerability (CVE-2002-1138)

Oracle Application Server Other Vulnerability (CVE-2007-2123)

Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-10795)

WordPress Directory Traversal (3.7 - 5.0.3)

WordPress Plugin WP Ultimate Email Marketer Multiple Vulnerabilities (1.1.0)

Severity

High

Classification

CVE-2015-8973 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities