MyBB Remote CSS File Overwrite Vulnerability for Windows Platforms
CVE-2016-9415

7.5HIGH

Key Information:

Vendor

Mybb

Status
Merge System
Mybb
Vendor
CVE Published:
31 January 2017

What is CVE-2016-9415?

The MyBB platform, including its Merge System, is susceptible to a vulnerability that allows remote attackers to overwrite arbitrary CSS files on Windows environments. This flaw arises from improper handling of style imports, potentially enabling unauthorized modifications to website appearance through injected styles, which can harm site integrity and user experience. It's crucial for users to update to versions 1.8.8 or newer to mitigate this security risk.

References

https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-...
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/11/18/1
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/11/10/8
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.