Posted by Curesec Research Team (CRT) on Sep 15

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: MyBB 1.8.6
Fixed in: 1.8.7
Fixed Version Link: http://resources.mybb.com/downloads/mybb_1807.zip
Vendor Website: http://www.mybb.com/
Vulnerability Type: Improper validation of data passed to eval
Remote Exploitable: Yes
Reported to vendor: 01/29/2016
Disclosed to public: 09/15/2016
Release mode: Coordinated Release
CVE: n/a…