Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mybb vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2015-2334
Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) prior to 1.8.4 allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Mybb Mybb
5
CVSSv2
CVE-2015-2335
A JSON library in MyBB (aka MyBulletinBoard) prior to 1.8.4 allows remote malicious users to obtain the installation path via unknown vectors.
Mybb Mybb
4.3
CVSSv2
CVE-2016-9419
Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) prior to 1.8.8 and MyBB Merge System prior to 1.8.8 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Mybb Mybb
6.5
CVSSv2
CVE-2018-1000502
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be e...
Mybb Mybb
4
CVSSv2
CVE-2018-1000503
MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to h...
Mybb Mybb
4.3
CVSSv2
CVE-2018-19201
A reflected XSS vulnerability in the ModCP Profile Editor in MyBB prior to 1.8.20 allows remote malicious users to inject JavaScript via the 'username' parameter.
Mybb Mybb
4.3
CVSSv2
CVE-2018-19202
A reflected XSS vulnerability in index.php in MyBB 1.8.x up to and including 1.8.19 allows remote malicious users to inject JavaScript via the 'upsetting[bburl]' parameter.
Mybb Mybb
10
CVSSv2
CVE-2015-2786
Unspecified vulnerability in MyBB (aka MyBulletinBoard) prior to 1.8.4 has unknown attack vectors related to "Group join request notifications sent to wrong group leaders."
Mybb Mybb
4.3
CVSSv2
CVE-2017-8103
In MyBB prior to 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
Mybb Mybb
5
CVSSv2
CVE-2017-8104
In MyBB prior to 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
Mybb Mybb
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »