Vulnerability Description
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mybb | Merge System | <= 1.8.6 |
| Mybb | Mybb | <= 1.8.6 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2016/11/10/8Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/11/18/1Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/bid/94395Third Party AdvisoryVDB Entry
- https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/PatchThird Party AdvisoryVendor Advisory
- http://www.openwall.com/lists/oss-security/2016/11/10/8Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/11/18/1Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/bid/94395Third Party AdvisoryVDB Entry
- https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/PatchThird Party AdvisoryVendor Advisory
FAQ
What is CVE-2016-9414?
CVE-2016-9414 is a vulnerability with a CVSS score of 7.5 (HIGH). MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directori...
How severe is CVE-2016-9414?
CVE-2016-9414 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9414?
Check the references section above for vendor advisories and patch information. Affected products include: Mybb Merge System, Mybb Mybb.