Design/Logic Flaw

2017-01-3122:59:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.3%

JSON

MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to “style import.”

CPENameOperatorVersion
merge_systemle1.8.7
mybble1.8.7

CPE	Name	Operator	Version
	merge_system	le	1.8.7
	mybb	le	1.8.7

References

www.openwall.com/lists/oss-security/2016/11/10/8

www.openwall.com/lists/oss-security/2016/11/18/1

www.securityfocus.com/bid/94396

blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/