xmlhttp.php in MyBB (aka MyBulletinBoard) prior to 1.6.18 and 1.8.x prior to 1.8.6 and MyBB Merge System prior to 1.8.6 allows remote malicious users to bypass intended access restrictions via vectors related to the forum password.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mybb mybb 1.8.5 |
||
mybb mybb 1.8.4 |
||
mybb mybb 1.8.0 |
||
mybb mybb |
||
mybb merge system |
||
mybb mybb 1.8.2 |
||
mybb mybb 1.8.3 |
||
mybb mybb 1.8.1 |