CVE-2016-9415

Опубликовано: 31 янв. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import."

Ссылки

http://www.openwall.com/lists/oss-security/2016/11/10/8
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/11/18/1
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/94396
Third Party Advisory
VDB Entry
https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/
Patch
Release Notes
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/11/10/8
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/11/18/1
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/94396
Third Party Advisory
VDB Entry
https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/
Patch
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*

Версия до 1.8.7 (включая)

cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*

Версия до 1.8.7 (включая)

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01001

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-4484-gfhj-qfpj