CVE-2012-2326

Name of the Vulnerable Software and Affected Versions MyBB versions prior to 1.6.7

Description A cross-site scripting (XSS) issue exists in the Admin Control Panel (ACP) of MyBB, allowing remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.

Recommendations For versions prior to 1.6.7, update to version 1.6.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the Admin Control Panel (ACP) to minimize the risk of exploitation. Avoid using malformed file names in orphaned attachments until the issue is resolved.