Launchpad.net

CVE 2016-9414

MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories.

See the CVE page on Mitre.org for more details.