|
Description
|
|
Multiple vulnerabilities have been identified in MyBB, which could allow attackers or malicious users to bypass security restrictions, gain knowledge of sensitive information.
The first issue is caused by an input validation error in the "moderation.php" script when processing the "url" parameter while "action" is set to "removesubscriptions" and "ajax" is set to "1", which could be exploited by attackers to cause arbitrary scripting code to be executed by the administrator's or moderator's browser in the security context of an affected site.
The second vulnerability is caused due to attachments being stored on the server with filenames generated in an insecure manner, which could allow attackers to guess the filenames and disclose sensitive information.
The third issue is caused by unspecified errors with an unknown impact and unknown attack vectors.
|
