PT-2025-17240 · Mybb · Mybb

Published: 2025-03-09 · Updated: 2025-04-29 · CVE-2025-29458

CVSS v2.0: 8.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MyBB version 1.8.38

Description

An issue in MyBB allows a remote attacker to obtain sensitive information via the Change Avatar function. The supplier disputes this due to the allowed actions of Board administrators and SSRF mitigation.

Recommendations

For MyBB version 1.8.38, consider disabling the Change Avatar function until a patch is available to prevent remote attackers from obtaining sensitive information.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2025-08884
CVE-2025-29458

Affected Products

Mybb