This version is no longer supported
The MyBB 1.6 series reached end of life on October 1, 2015.
This means there will be no more security or maintenance releases for this series and forums running this version of MyBB may be at risk of unfixed security issues. The MyBB Group strongly encourages all communities to upgrade to the latest release of MyBB as soon as possible.
Security vulnerabilities addressed (5)
Reset password code check could be circumvented in member.php
Permissions not checked for post search with old sid in search.php
CSRF in ACP mass mail cancellation
Use of the U+200E Unicode character to create "duplicate" username
Multiple XSS vulnerability requiring admin permissions
A CSRF vulnerability within ACP login
Cache handler using var_export without encoding checks
Changed Files (9)
- admin - modules - config - attachment_types.php - mycode.php - post_icons.php - profile_fields.php - thread_prefixes.php - forum - management.php - style - templates.php - tools - tasks.php - user - groups.php - mass_mail.php - titles.php - users.php - index.php
- inc - cachehandlers - disk.php - class_core.php - class_error.php - functions.php