MyBulletinBoard Vulnerabilities in MyBB and Merge System
CVE-2016-9412

9.8CRITICAL

Key Information:

Vendor

Mybb

Status
Mybb
Merge System
Vendor
CVE Published:
31 January 2017

What is CVE-2016-9412?

The MyBulletinBoard software and its Merge System versions prior to 1.8.7 exhibit vulnerabilities that may enable attackers to exploit low levels of adminsid and sid entropy. This could lead to unauthorized access or other unspecified impacts. It is crucial for administrators to ensure they are running the latest versions to mitigate potential risks associated with these vulnerabilities.

References

http://www.securityfocus.com/bid/94395
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2016/11/18/1
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/11/10/8
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.