Description

In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.

Remediation

References

CVE-2017-8104

Related Vulnerabilities

Drupal Core 8.9.x Cross-Site Scripting (8.9.0 - 8.9.19)

Mailman Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-44227)

WordPress Plugin Job Manager Multiple Cross-Site Scripting Vulnerabilities (0.7.18)

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-4627)

Atlassian Jira CVE-2020-14178 Vulnerability (CVE-2020-14178)

Severity

Medium

Classification

CVE-2017-8104 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities