MyBB 1.8.5

SecurityMaintenance

code 1805

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.1 MB

Download from MyBB.com

md5:

80a24a9a434e0c70e2a21e3b1744378f

Changed Files

Upgrade from the previous version.

.zip – 0.88 MB

Download from MyBB.com

md5:

47e930b70f94991ad3f4435a93bc5c28

How to verify packages

Upgrading to this Version

Before performing any upgrade, remember to backup your forum’s files and database and store them safely.

If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security Vulnerabilities Addressed (6)

Medium risk

Reset password code check could be circumvented in member.php

CWE-287 CVSS:3.1/PR:N Reported by solati.sadegh

Medium risk

Sender email could be spoofed when sending an email to a user in member.php

CWE-345 CVSS:3.1/PR:L Reported by onlinedevelopers

Medium risk

Permissions not checked for post search with old sid in search.php

CWE-284 CVSS:3.1/PR:N Reported by pedder55655

Medium risk

XSS in quick edit function of xmlhttp.php

CWE-79 CVSS:3.1/PR:N Reported by TiberiusG

Low risk

CSRF in ACP mass mail cancellation

CWE-352 CVSS:3.1/PR:H Reported by Destroy666 MyBB Team

Low risk

Use of the U+200E Unicode character to create “duplicate” username

Reported by mahdy2021

Issues Resolved (58)

View issues on GitHub

Changed Files ()

Changed Language Files (12)

There are changes to 12 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (8)

  • codebuttons
  • modcp
  • postbit_attachments_images_image
  • postbit_attachments_thumbnails_thumbnail
  • private_advanced_search
  • private_send_tracking
  • reputation
  • usercp_profile_contact_fields