MyBB 1.6.17

Security

code 1617

This version is no longer supported

The MyBB 1.6 series reached end of life on October 1, 2015.

This means there will be no more security or maintenance releases for this series and forums running this version of MyBB may be at risk of unfixed security issues. The MyBB Group strongly encourages all communities to upgrade to the latest release of MyBB as soon as possible.

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 1.89 MB

Download from MyBB.com

sha512:

00f88a81d79ae7e96591dd7c50c01ac7b73a9993f5707d43bbbd9c7f9817e63e0f09c1182c737d8d5be1ea0e31222e089ef7adbb33efa5c3cecdc947f5c7dddd

More checksums…

sha256:

919897331cdccb1b5fec6ab276f1e403d3f451b2d1ea095e7179bb71459d0755

sha1:

53983cfbc3eba464e5ff28c0f045cf2ae1aef24d

md5:

b9dd9e8cd9c6390626f850bb83cb03cb

Changed Files

Upgrade from the previous version.

.zip – 0.21 MB

Download from MyBB.com

sha512:

96c101ef3598538113f82a19e4f989e3a36f508d39bbb634ecb0015108b22fd1bd9a1eba226720a193733aae1a998ef9cad47e57dbce6f9bb9f4597d9a5464b7

More checksums…

sha256:

19e2272aa497607c86a18a2899a024ae29fdeeaae5078cc863ea55b867bd7fe8

sha1:

d71e39f2c8d5091ac38b0334a7bc083002fd4482

md5:

7dcd16daa063020b9773b78901a54f32

How to verify packages

Security Vulnerabilities Addressed (5)

Medium risk

Reset password code check could be circumvented in member.php

Medium risk

Permissions not checked for post search with old sid in search.php

Low risk

CSRF in ACP mass mail cancellation

Low risk

Use of the U+200E Unicode character to create "duplicate" username

Low risk

Multiple XSS vulnerability requiring admin permissions

Low risk

A CSRF vulnerability within ACP login

Low risk

Cache handler using var_export without encoding checks

Changed Files ()