### [CVE-2015-8973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8973)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.

### POC

#### Reference
- http://www.openwall.com/lists/oss-security/2016/11/18/1

#### Github
No PoCs found on GitHub currently.