FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mybb -- multiple vulnerabilities

Affected packages
mybb < 1.8.13

Details

VuXML ID 7761288c-d148-11e7-87e5-00e04c1ea73d
Discovery 2017-11-07
Entry 2017-11-24

myBB Team reports:

High risk: Installer RCE on configuration file write

High risk: Language file headers RCE

Medium risk: Installer XSS

Medium risk: Mod CP Edit Profile XSS

Low risk: Insufficient moderator permission check in delayed moderation tools

Low risk: Announcements HTML filter bypass

Low risk: Language Pack Properties XSS.

References

URL https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/