Afinepl

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.8 MyBB Merge System versions prior to 1.8.8 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is due to a SQL injection vulnerability in the users data handler. **Recommendations** For MyBB versions prior to 1.8.8, update to version 1.8.8 or later. For MyBB Merge System versions prior to 1.8.8, update to version 1.8.8 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.8 MyBB Merge System versions prior to 1.8.8 **Description** The issue allows remote attackers to conduct server-side request forgery (SSRF) attacks. This is due to a problem in the `fetch remote file` function. **Recommendations** For MyBB versions prior to 1.8.8, update to version 1.8.8 or later. For MyBB Merge System versions prior to 1.8.8, update to version 1.8.8 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.8 MyBB Merge System versions prior to 1.8.8 **Description** A cross-site scripting (XSS) issue exists in the Admin control panel, allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For MyBB versions prior to 1.8.8, update to version 1.8.8 or later. For MyBB Merge System versions prior to 1.8.8, update to version 1.8.8 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.8 MyBB Merge System versions prior to 1.8.8 **Description** A cross-site scripting (XSS) issue exists in the Users module of the Admin control panel, potentially allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For MyBB versions prior to 1.8.8, update to version 1.8.8 or later. For MyBB Merge System versions prior to 1.8.8, update to version 1.8.8 or later.