MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/11/10/8 | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/94397 | Third Party Advisory VDB Entry |
https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/ | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-01-31T22:00:00
Updated: 2017-02-02T12:57:01
Reserved: 2016-11-17T00:00:00
Link: CVE-2015-8977
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-01-31T22:59:00.297
Modified: 2017-02-05T20:57:30.633
Link: CVE-2015-8977
JSON object: View
Redhat Information
No data.
CWE