MyBB 1.6.17

Security

This version is no longer supported

The MyBB 1.6 series reached end of life on October 1, 2015.

This means there will be no more security or maintenance releases for this series and forums running this version of MyBB may be at risk of unfixed security issues. The MyBB Group strongly encourages all communities to upgrade to the latest release of MyBB as soon as possible.

Security vulnerabilities addressed (5)

Medium risk

Reset password code check could be circumvented in member.php

Medium risk

Permissions not checked for post search with old sid in search.php

Low risk

CSRF in ACP mass mail cancellation

Low risk

Use of the U+200E Unicode character to create "duplicate" username

Low risk

Multiple XSS vulnerability requiring admin permissions

Low risk

A CSRF vulnerability within ACP login

Low risk

Cache handler using var_export without encoding checks

Changed Files ()