CVE-2016-9411

medium

Description

The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.

References

Advisories
More

http://www.securityfocus.com/bid/94395

http://www.openwall.com/lists/oss-security/2016/11/18/1

http://www.openwall.com/lists/oss-security/2016/11/10/8

https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/

Details

Source: Mitre, NVD

Published: 2017-01-31

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N