MyBB 1.4/1.6 - Multiple Security Vulnerabilities

ID EDB-ID:35559
Type exploitdb
Reporter MustLive
Modified 2011-04-04T00:00:00


MyBB 1.4/1.6 Multiple Security Vulnerabilities. Webapps exploit for php platform


MyBB is prone to multiple security vulnerabilities. These vulnerabilities include a username-enumeration weakness, an XML-injection vulnerability, and a cross-site scripting vulnerability.

Exploiting these issues may allow attackers to discern valid usernames, which may aid them in brute-force password cracking or other attacks. Attacker-supplied XML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user.

Versions prior to 1.6.2 and 1.4.15 are vulnerable.