MyBB Merge System 1.8.7

CPE Details

MyBB Merge System 1.8.7
mybb
merge_system
1.8.7
2017-02-02
17h55 +00:00
2021-07-01
12h02 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:mybb:merge_system:1.8.7:*:*:*:*:*:*:*

Informations

Vendor

mybb

Product

merge_system

Version

1.8.7

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2016-9415 2017-01-31 21h00 +00:00 MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import."
7.5
High
CVE-2016-9416 2017-01-31 21h00 +00:00 SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
9.8
Critical
CVE-2016-9417 2017-01-31 21h00 +00:00 The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
7.4
High
CVE-2016-9418 2017-01-31 21h00 +00:00 MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a short name.
7.5
High
CVE-2016-9420 2017-01-31 21h00 +00:00 MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to "loose comparison false positives."
9.8
Critical
CVE-2016-9421 2017-01-31 21h00 +00:00 Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6.1
Medium