Bypassing Access Restrictions in MyBB and MyBB Merge System via Forum Password Vulnerability

Bypassing Access Restrictions in MyBB and MyBB Merge System via Forum Password Vulnerability

CVE-2015-8973 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.

Learn more about our Web Application Penetration Testing UK.