MyBB 1.8.5

27 May 2015

code 1805

SecurityMaintenance

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.1 MB

Download from MyBB.com

md5:

80a24a9a434e0c70e2a21e3b1744378f

Changed Files

Upgrade from the previous version.

.zip – 0.88 MB

Download from MyBB.com

md5:

47e930b70f94991ad3f4435a93bc5c28

How to verify packages

Important Notes

The upgrade script does not need to be run when upgrading to this release with the Changed Files package.

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security Vulnerabilities Addressed (6)

CWE-287 CVSS:3.1/PR:N Medium risk

Reset password code check could be circumvented in member.php

Reported by solati.sadegh

CWE-345 CVSS:3.1/PR:L Medium risk

Sender email could be spoofed when sending an email to a user in member.php

Reported by onlinedevelopers

CWE-284 CVSS:3.1/PR:N Medium risk

Permissions not checked for post search with old sid in search.php

Reported by pedder55655

CWE-79 CVSS:3.1/PR:N Medium risk

XSS in quick edit function of xmlhttp.php

Reported by TiberiusG

CWE-352 CVSS:3.1/PR:H Low risk

CSRF in ACP mass mail cancellation

Reported by Destroy666 MyBB Team

Low risk

Use of the U+200E Unicode character to create “duplicate” username

Reported by mahdy2021

Issues Resolved (58)

View issues on GitHub

[{"admin":[{"inc":["class_form.php"]},{"modules":[{"config":["calendars.php","mod_tools.php","mycode.php","profile_fields.php","settings.php","smilies.php"]},{"forum":["announcements.php","management.php"]},{"home":["preferences.php"]},{"style":["templates.php","themes.php"]},{"user":["admin_permissions.php","group_promotions.php","groups.php","mass_mail.php","users.php"]}]},"index.php"]},{"images":["headerlinks_sprite.png"]},{"inc":["datahandlers","login.php","pm.php","post.php","user.php","warnings.php",{"languages":[{"english":[{"admin":["config_profile_fields.lang.php","config_settings.lang.php","config_thread_prefixes.lang.php","forum_management.lang.php","global.lang.php","user_users.lang.php"]},"datahandler_post.lang.php","global.lang.php","member.lang.php","private.lang.php","reputation.lang.php","showteam.lang.php"]},"english.php"]},"tasks","delayedmoderation.php","userpruning.php","adminfunctions_templates.php","class_core.php","class_custommoderation.php","class_datacache.php","class_moderation.php","class_parser.php","db_base.php","db_mysql.php","db_mysqli.php","db_pdo.php","db_pgsql.php","db_sqlite.php","functions.php","functions_archive.php","functions_forumlist.php","functions_post.php","functions_search.php","functions_user.php"]},{"install":["resources","adminoptions.xml","mybb_theme.xml","mysql_db_tables.php","pgsql_db_tables.php","settings.xml","sqlite_db_tables.php","upgrade2.php","upgrade3.php","upgrade5.php","upgrade12.php","upgrade30.php","upgrade32.php","upgrade33.php","index.php"]},{"jscripts":[{"sceditor":[{"editor_plugins":["bbcode.js","format.js","undo.js","xhtml.js","jquery.sceditor.bbcode.min.js","jquery.sceditor.default.min.css","jquery.sceditor.min.js","jquery.sceditor.xhtml.min.js"]}]}]},"contact.php","forumdisplay.php","global.php","managegroup.php","member.php","misc.php","modcp.php","moderation.php","newreply.php","newthread.php","private.php","reputation.php","search.php","sendthread.php","showteam.php","showthread.php","stats.php","usercp.php","warnings.php","xmlhttp.php"]

Changed Files ()

Changed Language Files (12)

There are changes to 12 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (8)

codebuttons
modcp
postbit_attachments_images_image
postbit_attachments_thumbnails_thumbnail
private_advanced_search
private_send_tracking
reputation
usercp_profile_contact_fields