MyBB Documentation

Version: 1.6.17

MyBB 1.6.17

Release Date

MyBB 1.6.17 was released on 27 May 2015.

Announcement Summary

MyBB 1.6.17 is a security release and fixes 2 medium and 5 low risk vulnerabilities.

Fixed Issues

  • Vulnerabilities fixed:
    • Medium Risk: Reset password code check could be circumvented in member.php
    • Medium Risk: Permissions not checked for post search with old sid in search.php
    • Low Risk: CSRF in ACP mass mail cancellation
    • Low Risk: Use of the U+200E Unicode character to create “duplicate” username
    • Low Risk: Multiple XSS vulnerability requiring admin permissions
    • Low Risk: A CSRF vulnerability within ACP login
    • Low Risk: Cache handler using var_export without encoding checks

Changed Files

The following files have changed since MyBB 1.6.16.

  • admin
    • modules
      • config
        • attachment_types.php
        • mycode.php
        • post_icons.php
        • profile_fields.php
        • thread_prefixes.php
      • forum
        • management.php
      • style
        • templates.php
      • tools
        • tasks.php
      • user
        • groups.php
        • mass_mail.php
        • titles.php
        • users.php
        • index.php
  • inc
    • cachehandlers
      • disk.php
    • class_core.php
    • class_error.php
    • functions.php
  • managegroup.php
  • member.php
  • modcp.php
  • search.php
  • showthread.php
  • usercp.php
  • xmlhttp.php

Language Changes

There are no changes to language files.

Template Changes

There are no changes to templates.

Edit this page on GitHub