CVE-2009-4449
MyBB 1.4.10 and earlier are affected by a directory traversal vulnerability in the avatar/gallery change flow, allowing remote authenticated users to infer file existence via traversal sequences in avatar and possibly gallery parameters. The issue concerns files admin/modules/user/users.php and u...