MyBB 1.6.6 Security Release Patches 14 Vulnerabilities

MyBB has released an updated version, MyBB 1.6.6, that fixes one major issue and 14 low risk vulnerabilities.

The Vulnerability Details:
  • Non Critical: Import a non-CSS stylesheet (Theme)
  • Low Risk: CSRF vulnerability on Admin CP logout (Issue #1769)
  • Low Risk: CSRF vulnerability when clearing a stored password (Issue #1824)
  • Low Risk: CSRF vulnerability when removing a buddy (Issue #1825)
  • Low Risk: CSRF vulnerability with Admin CP join requests (Issue #1834)
  • Low Risk: CSRF vulnerability in Group Promotions Enable/Disable
  • Low Risk: CSRF vulnerability in ACP Edit User (Avatar)
  • Low Risk: CSRF vulnerability with activating a user
  • Low Risk: XSS vulnerability when moving an event (Calendar)
  • Low Risk: XSS vulnerabilities in Akismet plugin
  • Low Risk: XSS vulnerabilities in Forum Subscriptions (User CP)
  • Low Risk: XSS vulnerability in Moderator Logs
  • Low Risk: XSS vulnerability in Edit Post
  • Low Risk: XSS vulnerability when editing Announcements

Download or upgrade:
http://blog.mybb.com/2012/02/10/mybb-1-6-6-security-release/
