A weakness has been identified in MyBB, which could be exploited by attackers to gain knowledge of sensitive information. This issue is caused due to the "avatar" parameter not being validated before being used to check for the existence of files while changing a user's avatar, which could be exploited by malicious people to enumerate files on a vulnerable system via directory traversal attacks.
Vulnerable Products
Vulnerable Software: MyBB version 1.4.10 and prior
