Server-Side Request Forgery Vulnerability in MyBB Product
CVE-2016-9417

7.4 HIGH

Key Information:

Vendor: MyBB
CVE Published: 31 January 2017

What is CVE-2016-9417?

The fetch_remote_file function in MyBB and the MyBB Merge System prior to version 1.8.8 is susceptible to server-side request forgery (SSRF) attacks. This vulnerability permits remote attackers to exploit the affected systems, potentially leading to unauthorized access to internal resources and the execution of arbitrary commands on the server. Proper input validation and strict access controls are essential to mitigate the risks associated with this security flaw.

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
