This release fixes13 security vulnerabilitiesand83 reported issuescausing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.
- Vulnerabilities:
- Medium risk: Possible SQL Injection in moderation tool
- Low risk: Missing permission check in newreply.php
- Low risk: Possible XSS Injection on login
- Low risk: Possible XSS Injection in member validation
- Low risk: Possible XSS Injection in User CP
- Low risk: Possible XSS Injection in Mod CP logs
- Low risk: Possible XSS Injection when editing users in Mod CP
- Low risk: Possible XSS Injection when pruning logs in ACP
- Low risk: Possibility of retrieving database details through templates
- Low risk: Disclosure of ACP path when sending mails from ACP
- Low risk: Low adminsid & sid entropy
- Low risk: Clickjacking in ACP
- Low risk: Missing directory listing protection in upload directories
- Medium risk: Possible SQL Injection in moderation tool
- Bugs fixed:
Download:https://www.mybb.com/download/
![[Image: Yp8ZHSk.gif]](https://i.imgur.com/Yp8ZHSk.gif)