MyBB

MyBB provides a free alternative to all the great commercial forum scripts that might be just too expensive for some people.

This forum package is certainly a top-level solution for building discussion boards, coming packed with lots of features and an easy to use administration panel.

There's also an installation wizard included as well, so developers will be able to install it with minimal hassle.

The forum can be customized via templates, themes, and plugins, and it can be installed on various server and database types.

Once setup, webmasters can add forums, smileys, topics, announcements, and various more other features, letting users talk to each other, create threads and contribute to other topics.

On the frontend, there are user profile pages, a calendar, a portal-like page, and many more other features for making user discussions more friendly and more engaging.

What is new in this release:

• Security fixes:
• High Risk: A SQL injection vulnerability in member.php
• Medium Risk: A XSS vulnerability in report.php
• Medium Risk: A XSS vulnerability in inc/class_parser.php
• Low Risk: A XSS vulnerability in admin/modules/style/templates.php
• Low Risk: A XSS vulnerability in admin/modules/config/languages.php

What is new in version 1.8.4:

• Security fixes:
• High Risk: A SQL injection vulnerability in member.php
• Medium Risk: A XSS vulnerability in report.php
• Medium Risk: A XSS vulnerability in inc/class_parser.php
• Low Risk: A XSS vulnerability in admin/modules/style/templates.php
• Low Risk: A XSS vulnerability in admin/modules/config/languages.php

What is new in version 1.8:

• New theme.
• AdminCP PIN.
• Improved Newsfeed.
• Replace CodePress with CodeMirror.
• Stylesheet Display order.
• Inactive/active Plugin list.
• Ability to create own template groups.
• Added Enabled/Disabled indicators to Promotions and MyCodes.
• Template groups updates.
• Disable Attachments Globally.
• ACP Banning Improvements.
• Selectable areas for group/forum settings.
• Warning for marked vulnerable plugins.
• ACP shouldn't reset $mybb->input.
• Admin CP language.
• Disable Default MyCodes.

What is new in version 1.6.15:

• Fixed:
• A XSS vulnerability in video MyCode.

What is new in version 1.6.14:

• Fixed vulnerabilities:
• Possibility of executing PHP code through settings.
• A XSS vulnerability in polls.php.
• A XSS vulnerability in portal.php.
• Password protected forums can be viewed from the portal.
• Super moderators have more permissions than expected.

What is new in version 1.6.13:

• Bugs fixed:
• Possibility of executing PHP code through stylesheets.
• Possibility of executing PHP code through language files.
• A XSS vulnerability in search system.
• Potential weak random string generator.

What is new in version 1.6.12:

• This release fixes 4 vulnerabilities and 10 reported issues causing incorrect functionality of MyBB.

What is new in version 1.6.11:

• This release fixes 5 vulnerabilities and over 65 reported issues causing incorrect functionality of MyBB.

What is new in version 1.6.10:

• Security fixes:
• Risk: Potential SQL Injection when optimizing the database.
• Potential SQL Injection when creating the database backups.
• Potential XSS vulnerability in theme name.
• Improper permission checks for forums where you can only see your own threads.
• XSS vulnerability on debug page.
• Improper input validation in modcp.php.
• Improper input validation in calendar.php.

What is new in version 1.6.9:

• Vulnerabilities fixed:
• High Risk: An SQL vulnerability when editing a post.
• Medium Risk: CAPTCHA systems non effective, providing possible brute-force access.

What is new in version 1.6.8:

• This release fixes over 40 reported issues causing incorrect functionality of MyBB.

What is new in version 1.6.7:

• SQL injection vulnerability within the Admin Control Panel (ACP) in user search.
• SQL injection vulnerability within the ACP in Mail Log.
• SQL injection vulnerability within the ACP in User Inline Moderation.
• XSS within the ACP where an orphaned attachment has a malformed filename.
• Full Path Disclosure if malformed forumread cookie is used.

What is new in version 1.6.6:

• Security fixes:
• Non Critical: Import a non-CSS stylesheet (Theme)
• Low Risk: CSRF vulnerability on Admin CP logout
• Low Risk: CSRF vulnerability when clearing a stored password
• Low Risk: CSRF vulnerability when removing a buddy
• Low Risk: CSRF vulnerability with Admin CP join requests
• Low Risk: CSRF vulnerability in Group Promotions Enable/Disable
• Low Risk: CSRF vulnerability in ACP Edit User (Avatar)
• Low Risk: CSRF vulnerability with activating a user
• Low Risk: XSS vulnerability when moving an event (Calendar)
• Low Risk: XSS vulnerabilities in Akismet plugin
• Low Risk: XSS vulnerabilities in Forum Subscriptions (User CP)
• Low Risk: XSS vulnerability in Moderator Logs
• Low Risk: XSS vulnerability in Edit Post
• Low Risk: XSS vulnerability when editing Announcements

What is new in version 1.6.5:

• 3 vulnerabilities and over 70 reported issues fixed.

What is new in version 1.6.4:

• In 1.6.4, there are 2 new updates and over 100 reported issues fixed.

What is new in version 1.6.3:

• Fixed:
• An SQL injection vulnerability in showthread.php (internal report).
• Issue #1487 - CSRF vulnerability in misc.php?action=markread.

What is new in version 1.6.2:

• MyBB 1.6.2 is a security update to the 1.6 series. It fixes 2 medium risk security vulnerabilities and one low risk issue.