MyBB 1.8.32
21 November 2022
MyBB version 1.8.32 is now available (security release).
Upgrading to MyBB 1.8.32
MyBB 1.8.32 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply MyBB updates as new versions are released, or use Installatron's Clone feature to duplicate an existing MyBB install to test the 1.8.32 upgrade prior to applying it live. Get started managing your MyBB installations with Installatron
What's New in MyBB 1.8.32
Security
- CVE-2022-43707 Visual editor persistent XSS - Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data. (High Risk)
- CVE-2022-43709 ACP Users SQL injection - SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings. The vulnerable module requires Admin CP access with the Can manage users? permission. (Medium Risk)
- CVE-2022-43708 Attachment upload XSS - Multiple cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name. (Low Risk)
Bug Fixes & Changes