Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Home MyBB 1.6.6 Security Release patch 14 Vulnerabilities
MyBB Security News

MyBB 1.6.6 Security Release patch 14 Vulnerabilities

Friday, February 10, 2012
MyBB released updated version MyBB 1.6.6 that fixes one major issue and 14 low risk vulnerabilities.

The Vulnerability Details:
  • Non Critical: Import a non-CSS stylesheet (Theme)
  • Low Risk: CSRF vulnerability on Admin CP logout (Issue #1769)
  • Low Risk: CSRF vulnerability when clearing a stored password (Issue #1824)
  • Low Risk: CSRF vulnerability when removing a buddy (Issue #1825)
  • Low Risk: CSRF vulnerability with Admin CP join requests (Issue #1834)
  • Low Risk: CSRF vulnerability in Group Promotions Enable/Disable
  • Low Risk: CSRF vulnerability in ACP Edit User (Avatar)
  • Low Risk: CSRF vulnerability with activating a user
  • Low Risk: XSS vulnerability when moving an event (Calendar)
  • Low Risk: XSS vulnerabilities in Akismet plugin
  • Low Risk: XSS vulnerabilities in Forum Subscriptions (User CP)
  • Low Risk: XSS vulnerability in Moderator Logs
  • Low Risk: XSS vulnerability in Edit Post
  • Low Risk: XSS vulnerability when editing Announcements

Download or upgrade:
http://blog.mybb.com/2012/02/10/mybb-1-6-6-security-release/

Tags: MyBB Security News
Share it:

MyBB

Security News