Описание
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.
Ссылки
- Third Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Release NotesVendor Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.8.5 (включая)Версия до 1.6.17 (включая)
Одно из
cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*
cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*
cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:mybb:mybb:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:mybb:mybb:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:mybb:mybb:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:mybb:mybb:1.8.5:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00384
Низкий
8.3 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 8.3
github
больше 3 лет назад
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.
EPSS
Процентиль: 59%
0.00384
Низкий
8.3 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-284