CVE-2017-7566
high
CVSS v3
7.7
CVSS v4 NEW
โ
VIR risk
7.7
Description
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
Predictions
Exploit likelihood
85%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mybb | mybb | {"endIncluding":"1.8.10"} | |
References
- http://www.securityfocus.com/bid/97480
- https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/
- https://github.com/mybb/mybb/commit/f5de8fc2aad11e0d2583f585535ccfa2b46325db#diff-7fe6e55397c77ab9a0f5d57bc4cbe5b9R6781
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170407-0_MyBB_SSRF_vulnerability_v10.txt
- http://www.securityfocus.com/bid/97480
- https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/
- https://github.com/mybb/mybb/commit/f5de8fc2aad11e0d2583f585535ccfa2b46325db#diff-7fe6e55397c77ab9a0f5d57bc4cbe5b9R6781
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170407-0_MyBB_SSRF_vulnerability_v10.txt
CWEs
CWE-918
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.