cbcvebase.
CVE-2016-9411
published 2017-01-31

CVE-2016-9411: The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path…

PriorityP430medium5.3CVSS 3.0
AVNACLPRNUINSUCLINAN
EPSS
1.76%
75.2th percentile
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.

Affected

2 ranges
VendorProductVersion rangeFixed in
mybbmerge_system<= 1.8.6
mybbmybb<= 1.8.6

CVSS provenance

nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.