MyBB Documentation

MyBB 1.6.17

Version: 1.6.17 (code 1617)
Release date: 27 May 2015
Type: Security


Security vulnerabilities addressed (5)

| Severity | Description | Reported by |
|---|---|---|
| Medium risk | Reset password code check could be circumvented in member.php | |
| Medium risk | Permissions not checked for post search with old sid in search.php | |
| Low risk | CSRF in ACP mass mail cancellation | |
| Low risk | Use of the U+200E Unicode character to create "duplicate" username | |
| Low risk | Multiple XSS vulnerabilities requiring admin permissions | |
| Low risk | A CSRF vulnerability within ACP login | |
| Low risk | Cache handler using var_export without encoding checks | |

Update Details

Changed Files (9)

  • admin
      • modules
          • config
              • attachment_types.php
              • mycode.php
              • post_icons.php
              • profile_fields.php
              • thread_prefixes.php
          • forum
              • management.php
          • style
              • templates.php
          • tools
              • tasks.php
          • user
              • groups.php
              • mass_mail.php
              • titles.php
              • users.php
      • index.php
  • inc
      • cachehandlers
          • disk.php
      • class_core.php
      • class_error.php
      • functions.php
  • managegroup.php
  • member.php
  • modcp.php
  • search.php
  • showthread.php
  • usercp.php
  • xmlhttp.php
