CVE-2015-8973

{"id": "CVE-2015-8973", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 3.9}]}, "published": "2017-01-31T22:59:00.140", "references": [{"url": "http://www.openwall.com/lists/oss-security/2016/11/10/8", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2016/11/18/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/94397", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password."}, {"lang": "es", "value": "xmlhttp.php en MyBB (tambi\u00e9n conocido como MyBulletinBoard) en versiones anteriores a 1.6.18 y 1.8.x en versiones anteriores a 1.8.6 y MyBB Merge System en versiones anteriores a 1.8.6 permite a atacantes remotos eludir las restricciones de acceso previstas a trav\u00e9s de vectores relacionados con la contrase\u00f1a del foro."}], "lastModified": "2017-02-05T21:11:46.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22907EC0-5A2D-4DCF-B887-8FA311B3D4E2", "versionEndIncluding": "1.8.5"}, {"criteria": "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FF6F484-A280-45A6-BB5E-B923339B7109", "versionEndIncluding": "1.6.17"}, {"criteria": "cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E697D13C-5594-491B-B911-3B4BEA00AFCC"}, {"criteria": "cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00724054-858F-4322-8BE5-F6929CC2CAD8"}, {"criteria": "cpe:2.3:a:mybb:mybb:1.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95998F68-1F16-4FEA-BDE3-957235D04881"}, {"criteria": "cpe:2.3:a:mybb:mybb:1.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "927F9547-773B-4F2C-8870-AA3672EEC7CA"}, {"criteria": "cpe:2.3:a:mybb:mybb:1.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6817FA9E-51B7-4ADE-86E2-E9F559A585EC"}, {"criteria": "cpe:2.3:a:mybb:mybb:1.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "667EFFF1-E5C1-4124-BD0B-D4244FAECE15"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}