Riley Baird

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.15 **Description** The issue is related to a File Inclusion vulnerability in the Admin panel, specifically in the Task Manager section. This vulnerability can lead to Local File Inclusion on modern PHP versions and Remote File Inclusion on older PHP versions. The attack requires access to the admin panel. **Recommendations** For versions prior to 1.8.15, update to version 1.8.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin panel, specifically the Task Manager section, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.15 **Description** The issue is related to Incorrect Access Control in Private forums, allowing users to view posts without having the password. This can be exploited by subscribing to a forum through an Insecure Direct Object Reference (IDOR). **Recommendations** For versions prior to 1.8.15, update to version 1.8.15 to resolve the issue.