CVE-2015-8973 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2015-8973

xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.

Published: Jan 31, 2017
Updated: Apr 13, 2023
CVE: CVE-2015-8973
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.3
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
mybb / mybb	1.8.1	1.8.1.x
mybb / mybb	1.8.0	1.8.0.x
mybb / mybb	1.8.3	1.8.3.x
mybb / mybb	1.8.5	1.8.5.x
mybb / mybb	1.8.4	1.8.4.x
mybb / merge_system	-	1.8.5.x
mybb / mybb	1.8.2	1.8.2.x
mybb / mybb	-	1.6.17.x