MyBB 1.6.18

Security

code 1618

This version is no longer supported

The MyBB 1.6 series reached end of life on October 1, 2015.

This means there will be no more security or maintenance releases for this series and forums running this version of MyBB may be at risk of unfixed security issues. The MyBB Group strongly encourages all communities to upgrade to the latest release of MyBB as soon as possible.

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 1.88 MB

Download from MyBB.com

sha512:

2c0c369898a85a42f3c32fd54b74dafa980bb888d4396adcd04fa7462c06e8b4c39e18f3070da1cb34f676cac313933b75cc7b2c0f3d377c1019a2f8abce6672

More checksums…

sha256:

67c9b2d3a0f8020347a6b4caa6e7a6c7233d582f254f984b44ff870dc3c3822e

sha1:

0616d3d6af433e722c22cc06b25072918977cca9

md5:

ad17b498116831a1d1d75bf07351ea0c

Changed Files

Upgrade from the previous version.

.zip – 0.09 MB

Download from MyBB.com

sha512:

10055408cf097abf374807c4a403c27653431c29f6a466b76c9191c91b81621a0b278ce4fb0ec372b26e1876131cf3346c36ab000df71c5e71682223a55193aa

More checksums…

sha256:

1db342284c4aa2aedf51d25a1046d4cef13e537d051927e2faf006c8cfda6c2a

sha1:

1f5f547da9b89a715be2fe2cc9deb78398d95499

md5:

542f2ecfdc29f326607a2f82616cc95c

How to verify packages

Security Vulnerabilities Addressed (3)

Medium risk

Forum password bypass in xmlhttp.php

Low risk

SQL Injection in Grouppromotions module (ACP)

Low risk

Possible XSS Injection in the error handler

Low risk

Possible XSS issues in old upgrade files

Changed Files

  • admin
    • modules
      • user
        • group_promotions.php
  • inc
    • class_core.php
    • class_error.php
    • functions.php
  • install
    • resources
      • upgrade3.php
      • upgrade12.php
      • upgrade13.php
      • upgrade17.php
  • xmlhttp.php