MyBB 1.8.8

SecurityMaintenance

code 1808

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.1 MB

Download from MyBB.com

sha512:

8dec5923737b11deae578ed02f259acda01ca5bcc9032bc01df1e2d77ce36c54f87e66e42850460c8ea07515d99d4b5da4a73f915ee3f4e6bd2f654334ca0f75

More checksums…

sha256:

e63bd3ce5b8a7c4166102baa75f0aab1d12fc64379658a027d8bf49a437a469a

sha1:

2b8469cb42c3a66ec7e3253aa0cced464585d3dd

md5:

2e09c9fd3b2416ac3fea9bada18d61e5

Changed Files

Upgrade from the previous version.

.zip – 1.2 MB

Download from MyBB.com

sha512:

47ddbd601d008e9cb7309b328d36df95f901d1935593ded61e70cef22dc1312257266e056e5ea9d214babfd47a0aeb9560e9d11a5abb8d68a244f442467c41854a73f915ee3f4e6bd2f654334ca0f75

More checksums…

sha256:

bb479145b44f169c301c21425f78742d8cacd9fd9ef4543c2a5e39ab540f769e

sha1:

2c9985353e87c8710bdcdcf1856b0a6c63961317

md5:

43028accb46eecf8016ef5fdc4fe522a

How to verify packages

Upgrading to this Version

Before performing any upgrade, remember to backup your forum’s files and database and store them safely.

If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security Vulnerabilities Addressed (7)

Medium risk

Style import CSS overwrite on Windows servers

CWE-22 CVSS:3.1/PR:H Reported by patryk

Medium risk

SQL Injection in the users data handler

CWE-89 CVSS:3.1/PR:L Reported by afinepl

Medium risk

SSRF attack in fetch_remote_file()

Reported by dawid_golunski

Medium risk

Possible short name access to ACP backups on Windows servers

CWE-22 CVSS:3.1/PR:N Reported by kevinoclam

Low risk

Stored XSS in the ACP

CWE-79 CVSS:3.1/PR:H Reported by patryk

Low risk

Loose comparison false positives

CWE-697 CVSS:3.1/PR:N Reported by Devilshakerz MyBB Team

Low risk

Possible XSS injection in ACP users module

CWE-79 CVSS:3.1/PR:H Reported by afinepl

Issues Resolved (58)

View issues on GitHub

Changed Files ()

Changed Language Files (23)

There are changes to 23 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (66)

  • calendar_mini_weekrow_day_link
  • calendar_weekrow_day_events
  • editpost
  • footer
  • forumbit_subforums
  • forumdisplay
  • forumdisplay_threadlist_rating
  • global_boardclosed_reason
  • global_dst_detection
  • global_no_permission_modal
  • member_profile_banned_remaining
  • member_register_question
  • member_register_regimage
  • memberlist
  • misc_smilies_no_smilies
  • misc_smilies_popup_empty
  • misc_smilies_popup_no_smilies
  • misc_smilies_popup_row
  • misc_syndication_forumlist_forum
  • modcp_banning_remaining
  • modcp_reports
  • modcp_reports_report
  • modcp_reports_report_comment
  • modcp_reports_report_comment_extra
  • moderation_delayedmodaction_notes_forum
  • moderation_delayedmodaction_notes_merge
  • moderation_delayedmodaction_notes_new_forum
  • moderation_delayedmodaction_notes_redirect
  • moderation_delayedmodaction_notes_thread_multiple
  • moderation_delayedmodaction_notes_thread_single
  • moderation_delayedmoderation_thread
  • moderation_threadnotes_modaction_forum
  • moderation_threadnotes_modaction_post
  • moderation_threadnotes_modaction_thread
  • mycode_code
  • mycode_email
  • mycode_img
  • mycode_php
  • mycode_quote_post
  • mycode_size_int
  • mycode_url
  • newreply
  • newreply_draftinput
  • newthread
  • newthread_draftinput
  • online_refresh
  • portal_stats_nobody
  • post_captcha
  • printthread_nav
  • private_messagebit
  • private_search_messagebit
  • private_send
  • report
  • report_reason
  • report_reasons
  • search_results_posts_forumlink
  • search_results_threads_forumlink
  • showthread
  • showthread_moderationoptions_approve
  • showthread_moderationoptions_unapprove
  • showthread_ratethread
  • smilieinsert_row
  • smilieinsert_row_empty
  • stats_topforum
  • usercp_editlists
  • warnings_postlink