MyBB 1.6.17
Security
code 1617
This version is no longer supported
The MyBB 1.6 series reached end of life on October 1, 2015.
This means there will be no more security or maintenance releases for this series and forums running this version of MyBB may be at risk of unfixed security issues. The MyBB Group strongly encourages all communities to upgrade to the latest release of MyBB as soon as possible.
Full Package
Install a new MyBB forum or upgrade from older versions.
.zip – 1.89 MB
Download from MyBB.comsha512:
00f88a81d79ae7e96591dd7c50c01ac7b73a9993f5707d43bbbd9c7f9817e63e0f09c1182c737d8d5be1ea0e31222e089ef7adbb33efa5c3cecdc947f5c7dddd
More checksums…
sha256:
919897331cdccb1b5fec6ab276f1e403d3f451b2d1ea095e7179bb71459d0755
sha1:
53983cfbc3eba464e5ff28c0f045cf2ae1aef24d
md5:
b9dd9e8cd9c6390626f850bb83cb03cb
Changed Files
Upgrade from the previous version.
.zip – 0.21 MB
Download from MyBB.comsha512:
96c101ef3598538113f82a19e4f989e3a36f508d39bbb634ecb0015108b22fd1bd9a1eba226720a193733aae1a998ef9cad47e57dbce6f9bb9f4597d9a5464b7
More checksums…
sha256:
19e2272aa497607c86a18a2899a024ae29fdeeaae5078cc863ea55b867bd7fe8
sha1:
d71e39f2c8d5091ac38b0334a7bc083002fd4482
md5:
7dcd16daa063020b9773b78901a54f32
Security Vulnerabilities Addressed (5)
Reset password code check could be circumvented in member.php
Permissions not checked for post search with old sid in search.php
CSRF in ACP mass mail cancellation
Use of the U+200E Unicode character to create "duplicate" username
Multiple XSS vulnerability requiring admin permissions
A CSRF vulnerability within ACP login
Cache handler using var_export without encoding checks