CVE-2006-3954

Name of the Vulnerable Software and Affected Versions MyBB versions 1.x

Description The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do avatar action.

Recommendations For MyBB version 1.x, update to a version that fixes this issue to prevent directory traversal attacks.