MyBulletinBoard Installation Path Exposure Vulnerability
CVE-2015-8977

7.5HIGH

Key Information:

Vendor

Mybb

Status
Mybb
Merge System
Vendor
CVE Published:
31 January 2017

What is CVE-2015-8977?

MyBulletinBoard versions prior to 1.6.18 and 1.8.x prior to 1.8.6, as well as the MyBB Merge System before 1.8.6, are susceptible to an installation path exposure vulnerability. This weakness allows remote attackers to gain access to sensitive information regarding the server's installation directory by exploiting vulnerable error log files. Organizations using affected versions should prioritize updating to secure versions to prevent potential exploitation.

References

https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94397
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2016/11/18/1
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.