MyBB 1.8.6

SecurityMaintenance

code 1806

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.1 MB

Download from MyBB.com

md5:

31e91be52df744ccc4ba3c1c12208ec3

Changed Files

Upgrade from the previous version.

.zip – 1 MB

Download from MyBB.com

md5:

1fa6a941ba49c6e5308bc74a16f6c09f

How to verify packages

Upgrading to this Version

Before performing any upgrade, remember to backup your forum’s files and database and store them safely.

If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security Vulnerabilities Addressed (5)

Medium risk

Forum password bypass in xmlhttp.php

CWE-284 CVSS:3.1/PR:N Reported by Devilshakerz MyBB Team

Low risk

SQL Injection in Grouppromotions module (ACP)

Reported by Devilshakerz MyBB Team

Low risk

Possible XSS Injection in the error handler

CWE-79 CVSS:3.1/PR:N Reported by FooBar123

Low risk

Possible XSS issues in old upgrade files

CWE-79 CVSS:3.1/PR:N Reported by FooBar123

Low risk

Possible Full Path Disclosure in publicly accessible error log files

CWE-200 CVSS:3.1/PR:N Reported by Devilshakerz MyBB Team

Issues Resolved (51)

View issues on GitHub

Changed Files ()

Changed Language Files (7)

There are changes to 7 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (18)

  • calendar_editevent
  • codebuttons
  • headerinclude
  • managegroup_adduser
  • managegroup_inviteuser
  • member_register_referrer
  • memberlist
  • memberlist_search
  • modcp_banuser
  • modcp_finduser
  • modcp_warninglogs
  • private_advanced_search
  • private_quickreply
  • private_send_autocomplete
  • search
  • search_results_posts_inlinemoderation
  • search_results_threads_inlinemoderation
  • usercp_avatar