xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/11/10/8 | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/94397 | Third Party Advisory VDB Entry |
https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-01-31T22:00:00
Updated: 2017-02-01T10:57:01
Reserved: 2016-11-17T00:00:00
Link: CVE-2015-8973
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-01-31T22:59:00.140
Modified: 2017-02-05T21:11:46.677
Link: CVE-2015-8973
JSON object: View
Redhat Information
No data.
CWE