First published: Tue Jun 26 2018(Updated: )
MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mybb Mybb | <1.8.15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2018-1000503.
The title of the vulnerability is "MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result ..."
The severity of CVE-2018-1000503 is medium, with a severity value of 4.3.
Users can exploit CVE-2018-1000503 by viewing posts from private forums without having the password, using the Subscribe to a forum through IDOR method.
Yes, CVE-2018-1000503 has been fixed in version 1.8.15 of MyBB.