MyBB 1.8.26

10 March 2021

Security

code 1826

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.14 MB

Download from MyBB.com Download from GitHub.com (mirror)

sha512:

a0e21d7fa5bbc392355226bf7bfdf0f73f92faea660e2a9af3db8c40a566f28dd56c354898f42e46a172392b1dbbe55fbcccbb8222805d227ce38750797d159f

More checksums…

sha256:

85d20f692e718ece9e9a7f75b410955f231f2f23e810b42f3c5f98501a8b6f6f

sha1:

298e5fc4a66156c3a50175824234daba5d42194f

md5:

d45de383f1a28f059115728caf6fcd67

Changed Files

Upgrade from the previous version.

.zip – 0.24 MB

Download from MyBB.com Download from GitHub.com (mirror)

sha512:

cf70eba4b847f640514df2c1f8d37b44eef4a6aed097a463165b231affc30dd393b1ccbd10f8579765bdf02da74d7aa11aa845a539f6ba065f9a8a196e4a2a8f

More checksums…

sha256:

2dae310ebfba8ba4acdc93f104f9022d708152b74b5dbd7e39ae479f21dabe48

sha1:

ea89b361e1c728bd19b26ed80da3cc7ecb906aeb

md5:

5a2b0e43b68dd7335c1744935c1d3657

How to verify packages

Upgrading to this Version

To upgrade from the previous version: copy and overwrite files from the Changed Files package.

Upgrading from older versions may require running the install/ upgrade script.

Before performing any upgrade, remember to backup your forum’s files and database and store them safely.

If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security Vulnerabilities Addressed (6)

High risk

Nested Auto URL persistent XSS [1] [2]

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2021-27889 Reported by Simon Scannell & Carl Smith

Medium risk

Theme properties SQL injection [1] [2]

CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-27890 Reported by Simon Scannell & Carl Smith

Medium risk

Poll vote count SQL injection [1]

CWE-89 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27946 Reported by Devilshakerz MyBB Team

Medium risk

Forum Management SQL injection [1]

CWE-89 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-27947 Reported by Devilshakerz MyBB Team

Medium risk

Usergroups SQL injection [1]

CWE-89 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-27948 Reported by Devilshakerz MyBB Team

Low risk

Custom moderator tools reflected XSS [1]

CWE-79 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L CVE-2021-27949 Reported by Devilshakerz MyBB Team

Upgrading to this Version

Security Vulnerabilities Addressed (6)

Nested Auto URL persistent XSS [1] [2]

Theme properties SQL injection [1] [2]

Poll vote count SQL injection [1]

Forum Management SQL injection [1]

Usergroups SQL injection [1]

Custom moderator tools reflected XSS [1]

Changed Files ()