MyBB 1.8.26
Security
code 1826
Full Package
Install a new MyBB forum or upgrade from older versions.
.zip – 2.14 MB
Download from MyBB.com Download from GitHub.com (mirror)sha512:
a0e21d7fa5bbc392355226bf7bfdf0f73f92faea660e2a9af3db8c40a566f28dd56c354898f42e46a172392b1dbbe55fbcccbb8222805d227ce38750797d159f
More checksums…
sha256:
85d20f692e718ece9e9a7f75b410955f231f2f23e810b42f3c5f98501a8b6f6f
sha1:
298e5fc4a66156c3a50175824234daba5d42194f
md5:
d45de383f1a28f059115728caf6fcd67
Changed Files
Upgrade from the previous version.
.zip – 0.24 MB
Download from MyBB.com Download from GitHub.com (mirror)sha512:
cf70eba4b847f640514df2c1f8d37b44eef4a6aed097a463165b231affc30dd393b1ccbd10f8579765bdf02da74d7aa11aa845a539f6ba065f9a8a196e4a2a8f
More checksums…
sha256:
2dae310ebfba8ba4acdc93f104f9022d708152b74b5dbd7e39ae479f21dabe48
sha1:
ea89b361e1c728bd19b26ed80da3cc7ecb906aeb
md5:
5a2b0e43b68dd7335c1744935c1d3657
Upgrading to this Version
To upgrade from the previous version: copy and overwrite files from the Changed Files package.
Upgrading from older versions may require running the install/
upgrade script.
Before performing any upgrade, remember to backup your forum’s files and database and store them safely.
If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.
Follow the Upgrade Documentation for more detailed instructions.
Security Vulnerabilities Addressed (6)
Nested Auto URL persistent XSS [1] [2]
CWE-79
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2021-27889
Reported by Simon Scannell & Carl Smith
Theme properties SQL injection [1] [2]
CWE-89
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-27890
Reported by Simon Scannell & Carl Smith
Poll vote count SQL injection [1]
CWE-89
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-27946
Reported by Devilshakerz
MyBB Team
Forum Management SQL injection [1]
CWE-89
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-27947
Reported by Devilshakerz
MyBB Team
Usergroups SQL injection [1]
CWE-89
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-27948
Reported by Devilshakerz
MyBB Team
Custom moderator tools reflected XSS [1]
CWE-79
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
CVE-2021-27949
Reported by Devilshakerz
MyBB Team