MyBB < 1.4.1 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 4688
SynopsisThe remote host is vulnerable to multiple attack vectors.
DescriptionThe version of MyBB installed on the remote host is vulnerable to a number of vulnerabilities. The application fails to properly parse and sanitize data sent to the following scripts: global.php, announcements.php, admin/inc/class_page.php, inc/functions.php, inc/datahandlers/post.php, inc/class_error.php, polls.php, moderation.php, inc/class_moderation.php, usercp.php, and attachments.php. The details of these flaws is currently unknown; however, the vendor has released a fix.
SolutionUpgrade to version 1.4.2 or higher.