MyBB 1.8.7

Security, Maintenance

code 1807

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.1 MB

Download from MyBB.com

md5: 20fd51c3c8a9cefc54be55a6d3b42c60

Changed Files

Upgrade from the previous version.

.zip – 0.84 MB

Download from MyBB.com

md5: 5542aee753edfd18fc9b9e5783058d9d

How to verify packages

Upgrading to this Version

Before performing any upgrade, remember to back up your forum’s files and database and store them safely.

If you have edited core files, including language files, please make sure you keep a changelog of these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security Vulnerabilities Addressed (13)

Medium risk

Possible SQL Injection in moderation tool

CWE-89 CVSS:3.1/PR:L Reported by jamslater

Low risk

Missing permission check in newreply.php

CWE-284 CVSS:3.1/PR:N Reported by StefanT (MyBB Team)

Low risk

Possible XSS Injection on login

CWE-79 CVSS:3.1/PR:N Reported by Devilshakerz (MyBB Team)

Low risk

Possible XSS Injection in member validation

CWE-79 CVSS:3.1/PR:N Reported by Tim Coen

Low risk

Possible XSS Injection in User CP

CWE-79 CVSS:3.1/PR:L Reported by Tim Coen

Low risk

Possible XSS Injection in Mod CP logs

CWE-79 CVSS:3.1/PR:L Reported by Starpaul20 (MyBB Team)

Low risk

Possible XSS Injection when editing users in Mod CP

CWE-79 CVSS:3.1/PR:L Reported by Tim Coen

Low risk

Possible XSS Injection when pruning logs in ACP

CWE-79 CVSS:3.1/PR:H Reported by Devilshakerz (MyBB Team)

Low risk

Possibility of retrieving database details through templates

CWE-200 CVSS:3.1/PR:H Reported by Tim Coen

Low risk

Disclosure of ACP path when sending mails from ACP

CWE-200 CVSS:3.1/PR:N Reported by sarisisop

Low risk

Low adminsid & sid entropy

CWE-334 CVSS:3.1/PR:N Reported by Devilshakerz (MyBB Team)

Low risk

Clickjacking in ACP

CWE-1021 CVSS:3.1/PR:N Reported by DingjieYang

Low risk

Missing directory listing protection in upload directories

CWE-548 CVSS:3.1/PR:N Reported by Tim Coen

Issues Resolved (83)

View issues on GitHub

Changed Files

Changed Language Files (15)

There are changes to 15 language files. Changed language files can be cross-referenced from the list above.

Changed Templates (40)

  • forumdisplay
  • forumdisplay_inlinemoderation
  • forumdisplay_nopermission
  • headerinclude
  • managegroup
  • managegroup_adduser
  • managegroup_inviteuser
  • member_profile
  • member_profile_findposts
  • member_profile_findthreads
  • member_register
  • member_register_referrer
  • memberlist
  • memberlist_search
  • misc_imcenter_skype
  • misc_whoposted_poster
  • modcp_banuser
  • modcp_finduser
  • modcp_warninglogs
  • polls_editpoll
  • post_attachments_attachment
  • post_attachments_new
  • private_advanced_search
  • private_send_autocomplete
  • report
  • report_error_nomodal
  • search
  • search_results_posts_inlinemoderation
  • search_results_posts_post
  • search_results_threads_inlinemoderation
  • showthread_inlinemoderation
  • usercp_currentavatar
  • usercp_editlists
  • usercp_editlists_user
  • usercp_subscriptions
  • video_dailymotion_embed
  • video_metacafe_embed
  • video_myspacetv_embed
  • video_vimeo_embed
  • video_yahoo_embed