Kaspersky LabKLA10465KLA10465 Multiple vulnerabilities in MyBB
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
70.3%
Multiple serious vulnerabilities have been found in MyBB. Malicious users can exploit these vulnerabilities to obtain sensitive information or conduct cross site scrtipting.
Below is a complete list of vulnerabilities
- An unknown vulnerability can be exploited remotely via vectors related to JSON;
- CSRF vulnerability can be exploited remotely via unknown vectors;
- XSS vulnerability can be exploited remotely via vectors related to administrative backend;
Original advisories
Related products
CVE list
CVE-2015-2334 high
CVE-2015-2335 critical
CVE-2015-2332 warning
CVE-2015-2333 warning
CVE-2015-2149 warning
Solution
Update to latest version!
Impacts
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- CI
Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.
Affected Products
- MyBB versions earlier than 1.8.4
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
70.3%