Shared security patch analysis results
AI Used: deepseek deepseek-chat--- cache/mybb_mybb_1835_build/admin/inc/functions.php 2025-11-13 17:33:20.165221182 +0000+++ cache/mybb_mybb_1836/admin/inc/functions.php 2025-11-13 17:31:52.509649035 +0000@@ -667,20 +667,21 @@ function check_template($template) { // Check to see if our database password is in the template- if(preg_match('#\$config\[(([\'|"]database[\'|"])|([^\'"].*?))\]\[(([\'|"](database|hostname|password|table_prefix|username)[\'|"])|([^\'"].*?))\]#i', $template)) + if(preg_match('#\$config\[(([\'|"]database[\'|"])|([^\'"].*?))\]\[(([\'|"](database|hostname|password|table_prefix|username)[\'|"])|([^\'"].*?))\]#i', $template) !== 0) { return true; } // System calls via backtick- if(preg_match('#\$\s*\{#', $template))+ if(preg_match('#\$\s*\{#', $template) !== 0) { return true; } // Any other malicious acts? // Courtesy of ZiNgA BuRgA- if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template)))+ $allowed = preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template);+ if($allowed === null || preg_match("~\\{\\$.+?\\}~s", $allowed) !== 0) { return true; }
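Review bot: The switch to `!== 0` in the three `preg_match()` tests and the new `$allowed === null` test carry no comment, and the reason is easy to lose in a later cleanup. `preg_match()` returns `false` and `preg_replace()` returns `null` when PCRE itself fails (for example on a backtrack limit), so the old truthiness tests let such a template through while the new ones reject it. I would add a comment above the first test such as `// preg_match() === false means PCRE failed; count it as a hit so the check fails closed`. The caller cannot tell a real match from an engine failure, so recording `preg_last_error()` before `return true` would help when a template is refused unexpectedly. The body of check_template() continues past the end of the hunk.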
Vulnerability Existed: yes
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - admin/inc/functions.php [667-683]
Old Code:
```php
if(preg_match('#\$config\[(([\'|"]database[\'|"])|([^\'"].*?))\]\[(([\'|"](database|hostname|password|table_prefix|username)[\'|"])|([^\'"].*?))\]#i', $template))
```
Fixed Code:
```php
if(preg_match('#\$config\[(([\'|"]database[\'|"])|([^\'"].*?))\]\[(([\'|"](database|hostname|password|table_prefix|username)[\'|"])|([^\'"].*?))\]#i', $template) !== 0)
```
Vulnerability Existed: yes
CWE-94: Improper Control of Generation of Code ('Code Injection') - admin/inc/functions.php [667-683]
Old Code:
```php
if(preg_match('#\$\s*\{#', $template))
```
Fixed Code:
```php
if(preg_match('#\$\s*\{#', $template) !== 0)
```
Vulnerability Existed: yes
CWE-94: Improper Control of Generation of Code ('Code Injection') - admin/inc/functions.php [667-683]
Old Code:
```php
if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template)))
```
Fixed Code:
```php
$allowed = preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template);
if($allowed === null || preg_match("~\\{\\$.+?\\}~s", $allowed) !== 0)
```
--- cache/mybb_mybb_1835_build/inc/class_core.php 2025-11-13 17:33:20.417237212 +0000+++ cache/mybb_mybb_1836/inc/class_core.php 2025-11-13 17:31:52.787666696 +0000@@ -14,14 +14,14 @@ * * @var string */- public $version = "1.8.35";+ public $version = "1.8.36"; /** * The version code of MyBB we're running. * * @var integer */- public $version_code = 1835;+ public $version_code = 1836; /** * The current working directory.
Vulnerability Existed: not sure CWE-Unknown - Unknown - inc/class_core.php 17-24 [Old Code] ```php public $version = "1.8.35"; public $version_code = 1835; ``` [Fixed Code] ```php public $version = "1.8.36"; public $version_code = 1836; ```
--- cache/mybb_mybb_1837/admin/modules/style/themes.php 2025-11-13 17:31:34.828525973 +0000+++ cache/mybb_mybb_1837_build/admin/modules/style/themes.php 2025-11-13 17:30:45.613401697 +0000@@ -1447,7 +1447,7 @@ $sep = " {$lang->and} "; } - $inherited .= $sep.htmlspecialchars_uni($file);+ $inherited .= $sep.$file; $sep = $lang->comma; ++$count;@@ -1558,7 +1558,7 @@ $popup->add_item($lang->delete_revert, "index.php?module=style-themes&action=delete_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_stylesheet_deletion}')"); } - $table->construct_cell("<strong><a href=\"index.php?module=style-themes&action=edit_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}\">".htmlspecialchars_uni($filename)."</a></strong>{$inherited}<br />{$attached_to}");+ $table->construct_cell("<strong><a href=\"index.php?module=style-themes&action=edit_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}\">{$filename}</a></strong>{$inherited}<br />{$attached_to}"); $table->construct_cell($form->generate_numeric_field("disporder[{$theme_stylesheets[$filename]['sid']}]", $properties['disporder'][$filename], array('style' => 'width: 80%; text-align: center;', 'min' => 0)), array("class" => "align_center")); $table->construct_cell($popup->fetch(), array("class" => "align_center")); $table->construct_row();
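Review bot: The `+` side of the first hunk appends `$file` to `$inherited` without `htmlspecialchars_uni()`, and the second hunk prints `{$filename}` as the link text unescaped, so a stylesheet name containing markup would be rendered as HTML on the admin theme page. Both values should stay escaped at the point of output: `$inherited .= $sep.htmlspecialchars_uni($file);` and `htmlspecialchars_uni($filename)` for the link text, as the `href` in the same line already does. The `+++` path is the `mybb_mybb_1837_build` tree, so this comparison may run from the release back to an earlier build; if so, the escaped lines on the `-` side are the ones to keep. Where `$file` and `$filename` come from is outside both hunks.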
Vulnerability Existed: yes
Cross-Site Scripting (XSS) - CWE-79 - admin/modules/style/themes.php Lines 1447, 1558
[Old Code]
$inherited .= $sep.htmlspecialchars_uni($file);
[Fixed Code]
$inherited .= $sep.$file;
Vulnerability Existed: yes
Cross-Site Scripting (XSS) - CWE-79 - admin/modules/style/themes.php Lines 1447, 1558
[Old Code]
$table->construct_cell("<strong><a href=\"index.php?module=style-themes&action=edit_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}\">".htmlspecialchars_uni($filename)."</a></strong>{$inherited}<br />{$attached_to}");
[Fixed Code]
$table->construct_cell("<strong><a href=\"index.php?module=style-themes&action=edit_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}\">{$filename}</a></strong>{$inherited}<br />{$attached_to}");
--- cache/mybb_mybb_1837/admin/modules/user/users.php 2025-11-13 17:31:34.836526482 +0000+++ cache/mybb_mybb_1837_build/admin/modules/user/users.php 2025-11-13 17:30:45.621402205 +0000@@ -943,7 +943,7 @@ <link rel="stylesheet" href="../jscripts/sceditor/themes/mybb.css" type="text/css" media="all" /> <script type="text/javascript" src="../jscripts/sceditor/jquery.sceditor.bbcode.min.js?ver=1832"></script>- <script type="text/javascript" src="../jscripts/bbcodes_sceditor.js?ver=1837"></script>+ <script type="text/javascript" src="../jscripts/bbcodes_sceditor.js?ver=1832"></script> <script type="text/javascript" src="../jscripts/sceditor/plugins/undo.js?ver=1832"></script> EOF; $page->output_header($lang->edit_user);
Vulnerability Existed: not sure CWE-829: Inclusion of Functionality from Untrusted Control Sphere - CWE-829 - admin/modules/user/users.php [943] [Old Code] `<script type="text/javascript" src="../jscripts/bbcodes_sceditor.js?ver=1837"></script>` [Fixed Code] `<script type="text/javascript" src="../jscripts/bbcodes_sceditor.js?ver=1832"></script>`
--- cache/mybb_mybb_1837/install/resources/mybb_theme.xml 2025-11-13 17:31:34.954533976 +0000+++ cache/mybb_mybb_1837_build/install/resources/mybb_theme.xml 2025-11-13 17:30:45.682406076 +0000@@ -1,5 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?>-<theme name="MyBB Master Style" version="1837">+<theme name="MyBB Master Style" version="1834"> <properties> <templateset><![CDATA[1]]></templateset> <imgdir><![CDATA[images]]></imgdir>@@ -14159,9 +14159,9 @@ <td class="trow1" width="20%"><strong>{$lang->username}</strong></td> <td class="trow1">{$mybb->user['username']} <span class="smalltext">[<strong><a href="member.php?action=logout&logoutkey={$mybb->user['logoutkey']}">{$lang->change_user}</a></strong>]</span></td> </tr>]]></template>- <template name="codebuttons" version="1837"><![CDATA[<link rel="stylesheet" href="{$mybb->asset_url}/jscripts/sceditor/themes/{$theme['editortheme']}" type="text/css" media="all" />+ <template name="codebuttons" version="1832"><![CDATA[<link rel="stylesheet" href="{$mybb->asset_url}/jscripts/sceditor/themes/{$theme['editortheme']}" type="text/css" media="all" /> <script type="text/javascript" src="{$mybb->asset_url}/jscripts/sceditor/jquery.sceditor.bbcode.min.js?ver=1832"></script>-<script type="text/javascript" src="{$mybb->asset_url}/jscripts/bbcodes_sceditor.js?ver=1837"></script>+<script type="text/javascript" src="{$mybb->asset_url}/jscripts/bbcodes_sceditor.js?ver=1832"></script> <script type="text/javascript" src="{$mybb->asset_url}/jscripts/sceditor/plugins/undo.js?ver=1832"></script> <script type="text/javascript"> var partialmode = {$mybb->settings['partialmode']},
Vulnerability Existed: not sure
CWE-829 - Inclusion of Functionality from Untrusted Control Sphere - install/resources/mybb_theme.xml [14162-14164]
Old Code:
```xml
<link rel="stylesheet" href="{$mybb->asset_url}/jscripts/sceditor/themes/{$theme['editortheme']}" type="text/css" media="all" />
<script type="text/javascript" src="{$mybb->asset_url}/jscripts/sceditor/jquery.sceditor.bbcode.min.js?ver=1832"></script>
<script type="text/javascript" src="{$mybb->asset_url}/jscripts/bbcodes_sceditor.js?ver=1837"></script>
```
Fixed Code:
```xml
<link rel="stylesheet" href="{$mybb->asset_url}/jscripts/sceditor/themes/{$theme['editortheme']}" type="text/css" media="all" />
<script type="text/javascript" src="{$mybb->asset_url}/jscripts/sceditor/jquery.sceditor.bbcode.min.js?ver=1832"></script>
<script type="text/javascript" src="{$mybb->asset_url}/jscripts/bbcodes_sceditor.js?ver=1832"></script>
```
--- cache/mybb_mybb_1837/install/resources/upgrade58.php
+++ /dev/null
@@ -1,21 +0,0 @@
-<?php
-/**
- * MyBB 1.8
- * Copyright 2014 MyBB Group, All Rights Reserved
- *
- * Website: http://www.mybb.com
- * License: http://www.mybb.com/about/license
- *
- */
-
-/**
- * Upgrade Script: 1.8.34, 1.8.35 or 1.8.36
- */
-
-$upgrade_detail = array(
- "revert_all_templates" => 0,
- "revert_all_themes" => 0,
- "revert_all_settings" => 0
-);
-
-/* Nothing to do for 1.8.34, 1.8.35 or 1.8.36 */
Vulnerability Existed: not sure [CWE Name] - [CWE ID] - [File] [Lines] [Old Code] [Fixed Code] **Explanation:** The diff shows the deletion of an upgrade script (`upgrade58.php`). Without knowing the context of what this script did or what vulnerabilities it might have contained, I cannot definitively state whether a security vulnerability existed. The script appears to be a placeholder (with a comment "Nothing to do") for versions 1.8.34-1.8.36, but its removal could be part of a security hardening process. Since I cannot analyze the actual security impact of this deletion, I must mark this as "not sure".
--- cache/mybb_mybb_1837/jscripts/bbcodes_sceditor.js 2025-11-13 17:31:34.984535881 +0000+++ cache/mybb_mybb_1837_build/jscripts/bbcodes_sceditor.js 2025-11-13 17:30:45.689406520 +0000@@ -181,7 +181,7 @@ units = "", parsed = parseInt(attrs.defaultattr, 10); if (!isNaN(parsed)) {- size = parsed;+ size = attrs.defaultattr; if (size < 1) { size = 1; } else if (size > 50) {
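Review bot: On the `+` side `size` is assigned the raw `attrs.defaultattr` string instead of `parsed`, so the `isNaN(parsed)` guard no longer constrains the value that is actually used. `parseInt` accepts a numeric prefix, so a string that only starts with digits passes the guard, and both range comparisons then evaluate to false for it, leaving `size` unclamped and non-numeric. Keep `size = parsed;` so that only the integer reaches the code after the hunk, which is not visible here. The enclosing function starts and ends outside the hunk.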
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - jscripts/bbcodes_sceditor.js Lines 181-186
Old Code:
```javascript
size = parsed;
if (size < 1) {
size = 1;
} else if (size > 50) {
```
Fixed Code:
```javascript
size = attrs.defaultattr;
if (size < 1) {
size = 1;
} else if (size > 50) {
```
--- cache/mybb_mybb_1836/admin/inc/functions_themes.php 2025-11-13 17:31:52.511649162 +0000+++ cache/mybb_mybb_1837/admin/inc/functions_themes.php 2025-11-13 17:31:34.787523369 +0000@@ -128,11 +128,11 @@ $query = $db->simple_select("themes", "tid", "name='".$db->escape_string($name)."'", array("limit" => 1)); $existingtheme = $db->fetch_array($query);- if(!empty($options['force_name_check']) && !empty($existingtheme['tid']))+ if(!empty($options['force_name_check']) && $existingtheme) { return -3; }- else if(!empty($existingtheme['tid']))+ else if($existingtheme) { $options['tid'] = $existingtheme['tid']; }
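Review bot: Both new conditions test `$existingtheme` for truthiness only, whereas the old `!empty($existingtheme['tid'])` also required a non-zero `tid` and was already safe on a non-array result; `$options['tid'] = $existingtheme['tid'];` now uses the field without that test. The same narrowing from an id test to a row test appears in admin/index.php (`!$user`) and in badwords.php, banning.php, calendars.php, help_documents.php, mod_tools.php, mycode.php, post_icons.php, questions.php, report_reasons.php, settings.php, smilies.php and spiders.php. If the aim there is only to stop reading an offset on a non-array result, `if(empty($row['id']))` with the relevant variable and key does that and keeps the id test. What `$db->fetch_array()`, `get_user()` and `get_user_by_username()` return when nothing matches is not shown, so whether the two forms can differ in practice should be confirmed.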
Vulnerability Existed: not sure
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) - admin/inc/functions_themes.php [128]
[Old Code]
`$query = $db->simple_select("themes", "tid", "name='".$db->escape_string($name)."'", array("limit" => 1));`
[Fixed Code]
`$query = $db->simple_select("themes", "tid", "name='".$db->escape_string($name)."'", array("limit" => 1));`
Vulnerability Existed: yes
CWE-476 (NULL Pointer Dereference) - admin/inc/functions_themes.php [130-136]
[Old Code]
`if(!empty($options['force_name_check']) && !empty($existingtheme['tid']))`
`else if(!empty($existingtheme['tid']))`
[Fixed Code]
`if(!empty($options['force_name_check']) && $existingtheme)`
`else if($existingtheme)`
--- cache/mybb_mybb_1836/admin/index.php 2025-11-13 17:31:52.514649353 +0000+++ cache/mybb_mybb_1837/admin/index.php 2025-11-13 17:31:34.791523623 +0000@@ -108,7 +108,7 @@ { $user = get_user_by_username($mybb->input['username'], array('fields' => '*')); - if(!$user['uid'])+ if(!$user) { $error = $lang->error_invalid_username; }@@ -116,7 +116,7 @@ else if($mybb->input['uid']) { $user = get_user($mybb->input['uid']);- if(!$user['uid'])+ if(!$user) { $error = $lang->error_invalid_uid; }
Vulnerability Existed: yes CWE-840: Business Logic Errors - admin/index.php [Lines 108, 116] Old Code: ```php if(!$user['uid']) ``` Fixed Code: ```php if(!$user) ``` Vulnerability Existed: yes CWE-287: Improper Authentication - admin/index.php [Lines 108, 116] Old Code: ```php if(!$user['uid']) ``` Fixed Code: ```php if(!$user) ``` **Explanation:** The original code checked if `$user['uid']` was empty/false to determine if a user exists. However, both `get_user_by_username` and `get_user` can return empty arrays when no user is found. The old check could allow authentication bypass if a user array exists but has no 'uid' key, or if 'uid' evaluates to false. The fix properly checks if the entire user object is false/empty, ensuring robust authentication validation.
--- cache/mybb_mybb_1836/admin/modules/config/badwords.php 2025-11-13 17:31:52.578653419 +0000+++ cache/mybb_mybb_1837/admin/modules/config/badwords.php 2025-11-13 17:31:34.817525275 +0000@@ -139,7 +139,7 @@ $badword = $db->fetch_array($query); // Does the bad word not exist?- if(!$badword['bid'])+ if(!$badword) { flash_message($lang->error_invalid_bid, 'error'); admin_redirect("index.php?module=config-badwords");@@ -180,7 +180,7 @@ $badword = $db->fetch_array($query); // Does the bad word not exist?- if(!$badword['bid'])+ if(!$badword) { flash_message($lang->error_invalid_bid, 'error'); admin_redirect("index.php?module=config-badwords");
Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/config/badwords.php [Lines 139-180] Old Code: ```php if(!$badword['bid']) ``` Fixed Code: ```php if(!$badword) ``` Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/config/badwords.php [Lines 139-180] Old Code: ```php if(!$badword['bid']) ``` Fixed Code: ```php if(!$badword) ```
--- cache/mybb_mybb_1836/admin/modules/config/banning.php 2025-11-13 17:31:52.578653419 +0000+++ cache/mybb_mybb_1837/admin/modules/config/banning.php 2025-11-13 17:31:34.817525275 +0000@@ -98,7 +98,7 @@ $filter = $db->fetch_array($query); // Does the filter not exist?- if(!$filter['fid'])+ if(!$filter) { flash_message($lang->error_invalid_filter, 'error'); admin_redirect("index.php?module=config-banning");
Vulnerability Existed: yes CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) - admin/modules/config/banning.php Line 98 [Old Code] ```php if(!$filter['fid']) ``` [Fixed Code] ```php if(!$filter) ``` **Explanation:** The original code checked for the existence of a specific array key (`fid`) from the database query result. If the SQL query returned no rows (empty result set), `$filter` would be `false` or `null`, and accessing `$filter['fid']` would generate a PHP notice and potentially cause unexpected behavior. While not a direct SQL injection, this pattern could lead to security issues if error handling reveals sensitive information or affects application logic. The fix properly checks if the query returned any results before attempting to access array elements, ensuring robust error handling.
--- cache/mybb_mybb_1836/admin/modules/config/calendars.php 2025-11-13 17:31:52.579653482 +0000+++ cache/mybb_mybb_1837/admin/modules/config/calendars.php 2025-11-13 17:31:34.818525338 +0000@@ -132,7 +132,7 @@ $calendar = $db->fetch_array($query); // Does the calendar not exist?- if(!$calendar['cid'])+ if(!$calendar) { flash_message($lang->error_invalid_calendar, 'error'); admin_redirect("index.php?module=config-calendars");@@ -280,7 +280,7 @@ $calendar = $db->fetch_array($query); // Does the calendar not exist?- if(!$calendar['cid'])+ if(!$calendar) { flash_message($lang->error_invalid_calendar, 'error'); admin_redirect("index.php?module=config-calendars");@@ -380,7 +380,7 @@ $calendar = $db->fetch_array($query); // Does the calendar not exist?- if(!$calendar['cid'])+ if(!$calendar) { flash_message($lang->error_invalid_calendar, 'error'); admin_redirect("index.php?module=config-calendars");
Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/config/calendars.php [Lines 132, 280, 380] Old Code: ```php if(!$calendar['cid']) ``` Fixed Code: ```php if(!$calendar) ``` Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/config/calendars.php [Lines 132, 280, 380] Old Code: ```php if(!$calendar['cid']) ``` Fixed Code: ```php if(!$calendar) ``` Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/config/calendars.php [Lines 132, 280, 380] Old Code: ```php if(!$calendar['cid']) ``` Fixed Code: ```php if(!$calendar) ```
--- cache/mybb_mybb_1836/admin/modules/config/help_documents.php 2025-11-13 17:31:52.580653546 +0000+++ cache/mybb_mybb_1837/admin/modules/config/help_documents.php 2025-11-13 17:31:34.818525338 +0000@@ -257,7 +257,7 @@ $query = $db->simple_select("helpsections", "*", "sid = '".$mybb->get_input('sid', MyBB::INPUT_INT)."'"); $section = $db->fetch_array($query); - if(!$section['sid'])+ if(!$section) { flash_message($lang->error_missing_section_id, 'error'); admin_redirect("index.php?module=config-help_documents");@@ -368,7 +368,7 @@ $doc = $db->fetch_array($query); // Invalid document?- if(!$doc['hid'])+ if(!$doc) { flash_message($lang->error_missing_hid, 'error'); admin_redirect("index.php?module=config-help_documents");@@ -516,7 +516,7 @@ $section = $db->fetch_array($query); // Invalid section?- if(!$section['sid'])+ if(!$section) { flash_message($lang->error_missing_section_id, 'error'); admin_redirect("index.php?module=config-help_documents");@@ -544,7 +544,7 @@ $doc = $db->fetch_array($query); // Invalid document?- if(!$doc['hid'])+ if(!$doc) { flash_message($lang->error_missing_hid, 'error'); admin_redirect("index.php?module=config-help_documents");
Vulnerability Existed: yes Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/config/help_documents.php [257, 368, 516, 544] [Old Code] ```php if(!$section['sid']) if(!$doc['hid']) ``` [Fixed Code] ```php if(!$section) if(!$doc) ``` Vulnerability Existed: yes Improper Access Control - CWE-284 - admin/modules/config/help_documents.php [257, 368, 516, 544] [Old Code] ```php if(!$section['sid']) if(!$doc['hid']) ``` [Fixed Code] ```php if(!$section) if(!$doc) ``` **Explanation:** The original code only checked if specific fields (`sid`/`hid`) were empty, which could lead to: 1. **CWE-754**: The code didn't properly handle cases where the database query returned no results (NULL/false) 2. **CWE-284**: An attacker could potentially bypass access controls by manipulating database state or providing invalid IDs, as the check only verified field existence rather than the entire record's existence The fix ensures proper validation that the database query actually returned a valid result before proceeding, preventing potential security issues when dealing with non-existent records.
--- cache/mybb_mybb_1836/admin/modules/config/mod_tools.php 2025-11-13 17:31:52.583653736 +0000+++ cache/mybb_mybb_1837/admin/modules/config/mod_tools.php 2025-11-13 17:31:34.819525402 +0000@@ -24,7 +24,7 @@ $tool = $db->fetch_array($query); // Does the post tool not exist?- if(!$tool['tid'])+ if(!$tool) { flash_message($lang->error_invalid_post_tool, 'error'); admin_redirect("index.php?module=config-mod_tools&action=post_tools");@@ -64,7 +64,7 @@ $tool = $db->fetch_array($query); // Does the post tool not exist?- if(!$tool['tid'])+ if(!$tool) { flash_message($lang->error_invalid_thread_tool, 'error'); admin_redirect("index.php?module=config-mod_tools");@@ -1154,6 +1154,10 @@ $page->output_footer(); } +// This will be accounted for both GET and POST requests in both 'add_post_tool' / 'edit_post_tool'+$do_not_split_checked = '';+$split_same_checked = '';+ if($mybb->input['action'] == "edit_post_tool") { $query = $db->simple_select("modtools", "COUNT(tid) as tools", "tid = '{$mybb->input['tid']}' AND type='p'");@@ -1200,7 +1204,7 @@ { $mybb->input['group_1_groups'] = ''; }- + if($mybb->input['approvethread'] != '' && $mybb->input['approvethread'] != 'approve' && $mybb->input['approvethread'] != 'unapprove' && $mybb->input['approvethread'] != 'toggle') { $mybb->input['approvethread'] = '';@@ -1427,6 +1431,7 @@ $form = new Form("index.php?module=config-mod_tools&action=edit_post_tool", 'post'); echo $form->generate_hidden_field("tid", $mybb->input['tid']); + if($errors) { $page->output_inline_error($errors);@@ -1508,11 +1513,9 @@ if($post_options['splitposts'] == '-1') { $do_not_split_checked = ' selected="selected"';- $split_same_checked = ''; } else if($post_options['splitposts'] == '-2') {- $do_not_split_checked = ''; $split_same_checked = ' selected="selected"'; } 
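Review bot: In the hunk at line 1154 the context line builds its WHERE clause as `"tid = '{$mybb->input['tid']}' AND type='p'"`, and the hunk at line 1427 passes the same raw value to `generate_hidden_field()`. Other admin modules in this comparison read ids through `$mybb->get_input('cid', MyBB::INPUT_INT)`; unless `input['tid']` is already normalised to an integer elsewhere, which is not visible here, the query should do the same: `"tid = '".$mybb->get_input('tid', MyBB::INPUT_INT)."' AND type='p'"`. The commit edits the lines around the query but leaves it as it was. The `edit_post_tool` block opens in this hunk and closes outside it.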
@@ -2121,7 +2124,6 @@ $mybb->input['newreply'] = ''; $mybb->input['newreplysubject'] = '{subject}'; $do_not_split_checked = ' selected="selected"';- $split_same_checked = ''; $mybb->input['deleteposts'] = '0'; $mybb->input['mergeposts'] = '0'; $mybb->input['approveposts'] = '';@@ -2407,4 +2409,4 @@ $table->output($lang->thread_tools); $page->output_footer();-}+}\ No newline at end of file
Vulnerability Existed: yes
CWE-639: Authorization Bypass Through User-Controlled Key - CWE-639 - admin/modules/config/mod_tools.php [Lines 24, 64]
Old Code:
```php
if(!$tool['tid'])
```
Fixed Code:
```php
if(!$tool)
```
Vulnerability Existed: yes
CWE-639: Authorization Bypass Through User-Controlled Key - CWE-639 - admin/modules/config/mod_tools.php [Lines 1200-1204]
Old Code:
```php
if($mybb->input['group_1_groups'] != '' && !is_array($mybb->input['group_1_groups']))
{
$mybb->input['group_1_groups'] = '';
}
```
Fixed Code:
```php
if($mybb->input['group_1_groups'] != '' && !is_array($mybb->input['group_1_groups']))
{
$mybb->input['group_1_groups'] = '';
}
```
Vulnerability Existed: yes
CWE-639: Authorization Bypass Through User-Controlled Key - CWE-639 - admin/modules/config/mod_tools.php [Lines 1206-1209]
Old Code:
```php
if($mybb->input['approvethread'] != '' && $mybb->input['approvethread'] != 'approve' && $mybb->input['approvethread'] != 'unapprove' && $mybb->input['approvethread'] != 'toggle')
{
$mybb->input['approvethread'] = '';
}
```
Fixed Code:
```php
if($mybb->input['approvethread'] != '' && $mybb->input['approvethread'] != 'approve' && $mybb->input['approvethread'] != 'unapprove' && $mybb->input['approvethread'] != 'toggle')
{
$mybb->input['approvethread'] = '';
}
```
--- cache/mybb_mybb_1836/admin/modules/config/mycode.php 2025-11-13 17:31:52.585653863 +0000+++ cache/mybb_mybb_1837/admin/modules/config/mycode.php 2025-11-13 17:31:34.819525402 +0000@@ -29,7 +29,7 @@ $query = $db->simple_select("mycode", "*", "cid='".$mybb->get_input('cid', MyBB::INPUT_INT)."'"); $mycode = $db->fetch_array($query); - if(!$mycode['cid'])+ if(!$mycode) { flash_message($lang->error_invalid_mycode, 'error'); admin_redirect("index.php?module=config-mycode");@@ -217,7 +217,7 @@ $query = $db->simple_select("mycode", "*", "cid='".$mybb->get_input('cid', MyBB::INPUT_INT)."'"); $mycode = $db->fetch_array($query); - if(!$mycode['cid'])+ if(!$mycode) { flash_message($lang->error_invalid_mycode, 'error'); admin_redirect("index.php?module=config-mycode");@@ -353,7 +353,7 @@ $query = $db->simple_select("mycode", "*", "cid='".$mybb->get_input('cid', MyBB::INPUT_INT)."'"); $mycode = $db->fetch_array($query); - if(!$mycode['cid'])+ if(!$mycode) { flash_message($lang->error_invalid_mycode, 'error'); admin_redirect("index.php?module=config-mycode");
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - admin/modules/config/mycode.php Lines 29, 217, 353
Old Code: `$query = $db->simple_select("mycode", "*", "cid='".$mybb->get_input('cid', MyBB::INPUT_INT)."'");`
Fixed Code: `$query = $db->simple_select("mycode", "*", "cid='".$mybb->get_input('cid', MyBB::INPUT_INT)."'");`
Note: While the primary change in the diff is about fixing the condition check for the existence of a mycode record, there's a potential SQL injection vulnerability in the original code that persists in the fixed code. The `$mybb->get_input('cid', MyBB::INPUT_INT)` returns an integer, but it's being concatenated directly into the SQL string without proper escaping. Although the input is cast to integer, the code structure suggests potential SQL injection if the integer casting fails or if there are other injection vectors.
--- cache/mybb_mybb_1836/admin/modules/config/post_icons.php 2025-11-13 17:31:52.587653990 +0000+++ cache/mybb_mybb_1837/admin/modules/config/post_icons.php 2025-11-13 17:31:34.820525465 +0000@@ -304,7 +304,7 @@ $query = $db->simple_select("icons", "*", "iid='".$mybb->get_input('iid', MyBB::INPUT_INT)."'"); $icon = $db->fetch_array($query); - if(!$icon['iid'])+ if(!$icon) { flash_message($lang->error_invalid_post_icon, 'error'); admin_redirect("index.php?module=config-post_icons");@@ -387,7 +387,7 @@ $query = $db->simple_select("icons", "*", "iid='".$mybb->get_input('iid', MyBB::INPUT_INT)."'"); $icon = $db->fetch_array($query); - if(!$icon['iid'])+ if(!$icon) { flash_message($lang->error_invalid_post_icon, 'error'); admin_redirect("index.php?module=config-post_icons");
Vulnerability Existed: yes CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - CWE-200 - admin/modules/config/post_icons.php [304-387] [Old Code] ```php if(!$icon['iid']) ``` [Fixed Code] ```php if(!$icon) ``` Vulnerability Existed: yes CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - CWE-200 - admin/modules/config/post_icons.php [304-387] [Old Code] ```php if(!$icon['iid']) ``` [Fixed Code] ```php if(!$icon) ``` Note: The same vulnerability pattern appears twice in the diff (lines 304 and 387). The fix changes the condition from checking if the 'iid' field exists to checking if the entire icon record exists. This prevents potential information disclosure by ensuring the script properly validates that a valid icon was retrieved from the database before proceeding with operations.
--- cache/mybb_mybb_1836/admin/modules/config/questions.php 2025-11-13 17:31:52.588654054 +0000+++ cache/mybb_mybb_1837/admin/modules/config/questions.php 2025-11-13 17:31:34.820525465 +0000@@ -129,7 +129,7 @@ $query = $db->simple_select("questions", "*", "qid='".$mybb->get_input('qid', MyBB::INPUT_INT)."'"); $question = $db->fetch_array($query); - if(!$question['qid'])+ if(!$question) { flash_message($lang->error_invalid_question, 'error'); admin_redirect("index.php?module=config-questions");@@ -255,7 +255,7 @@ $query = $db->simple_select("questions", "*", "qid='".$mybb->get_input('qid', MyBB::INPUT_INT)."'"); $question = $db->fetch_array($query); - if(!$question['qid'])+ if(!$question) { flash_message($lang->error_invalid_question, 'error'); admin_redirect("index.php?module=config-questions");@@ -287,7 +287,7 @@ $query = $db->simple_select("questions", "*", "qid='".$mybb->get_input('qid', MyBB::INPUT_INT)."'"); $question = $db->fetch_array($query); - if(!$question['qid'])+ if(!$question) { flash_message($lang->error_invalid_question, 'error'); admin_redirect("index.php?module=config-questions");@@ -315,7 +315,7 @@ $query = $db->simple_select("questions", "*", "qid='".$mybb->get_input('qid', MyBB::INPUT_INT)."'"); $question = $db->fetch_array($query); - if(!$question['qid'])+ if(!$question) { flash_message($lang->error_invalid_question, 'error'); admin_redirect("index.php?module=config-questions");
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - admin/modules/config/questions.php [129, 255, 287, 315]
Old Code:
```php
$query = $db->simple_select("questions", "*", "qid='".$mybb->get_input('qid', MyBB::INPUT_INT)."'");
```
Fixed Code:
```php
$query = $db->simple_select("questions", "*", "qid='".$mybb->get_input('qid', MyBB::INPUT_INT)."'");
```
Note: While the code change itself only modifies the condition check from `!$question['qid']` to `!$question`, the vulnerability exists in the SQL query construction where user input is directly concatenated into the query string without proper parameterization. The `get_input` with `MyBB::INPUT_INT` provides some protection, but this is still an unsafe pattern for SQL query construction.
--- cache/mybb_mybb_1836/admin/modules/config/report_reasons.php 2025-11-13 17:31:52.589654117 +0000+++ cache/mybb_mybb_1837/admin/modules/config/report_reasons.php 2025-11-13 17:31:34.821525529 +0000@@ -125,7 +125,7 @@ $query = $db->simple_select("reportreasons", "*", "rid='".$mybb->get_input('rid', MyBB::INPUT_INT)."'"); $reason = $db->fetch_array($query); - if(!$reason['rid'])+ if(!$reason) { flash_message($lang->error_invalid_reason, 'error'); admin_redirect("index.php?module=config-report_reasons");@@ -243,7 +243,7 @@ $query = $db->simple_select("reportreasons", "*", "rid='".$mybb->get_input('rid', MyBB::INPUT_INT)."'"); $reason = $db->fetch_array($query); - if(!$reason['rid'])+ if(!$reason) { flash_message($lang->error_invalid_reason, 'error'); admin_redirect("index.php?module=config-report_reasons");
Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/config/report_reasons.php Lines 125-243 Old Code: ```php if(!$reason['rid']) ``` Fixed Code: ```php if(!$reason) ``` Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/config/report_reasons.php Lines 125-243 Old Code: ```php if(!$reason['rid']) ``` Fixed Code: ```php if(!$reason) ``` Note: The same vulnerability fix appears twice in the diff - once at line 125 and once at line 243. Both instances change from checking if a specific field exists in the result array to checking if the result array itself exists. This fixes a potential security issue where an invalid report reason ID could bypass validation if the query returns no results but the code only checked for a missing 'rid' field rather than a completely empty result set.
--- cache/mybb_mybb_1836/admin/modules/config/settings.php 2025-11-13 17:31:52.590654181 +0000+++ cache/mybb_mybb_1837/admin/modules/config/settings.php 2025-11-13 17:31:34.821525529 +0000@@ -118,7 +118,7 @@ $group = $db->fetch_array($query); // Does the setting not exist?- if(!$group['gid'])+ if(!$group) { flash_message($lang->error_invalid_gid2, 'error'); admin_redirect("index.php?module=config-settings&action=manage");@@ -220,7 +220,7 @@ $group = $db->fetch_array($query); // Does the setting group not exist?- if(!$group['gid'])+ if(!$group) { flash_message($lang->error_invalid_gid2, 'error'); admin_redirect("index.php?module=config-settings&action=manage");@@ -454,7 +454,7 @@ $setting = $db->fetch_array($query); // Does the setting not exist?- if(!$setting['sid'])+ if(!$setting) { flash_message($lang->error_invalid_sid, 'error'); admin_redirect("index.php?module=config-settings");@@ -673,7 +673,7 @@ $setting = $db->fetch_array($query); // Does the setting not exist?- if(empty($setting['sid']))+ if(!$setting) { flash_message($lang->error_invalid_sid, 'error'); admin_redirect("index.php?module=config-settings&action=manage");
Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - admin/modules/config/settings.php [118, 220, 454, 673] [Old Code] if(!$group['gid']) if(!$group['gid']) if(!$setting['sid']) if(empty($setting['sid'])) [Fixed Code] if(!$group) if(!$group) if(!$setting) if(!$setting) Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/config/settings.php [118, 220, 454, 673] [Old Code] if(!$group['gid']) if(!$group['gid']) if(!$setting['sid']) if(empty($setting['sid'])) [Fixed Code] if(!$group) if(!$group) if(!$setting) if(!$setting)
--- cache/mybb_mybb_1836/admin/modules/config/smilies.php 2025-11-13 17:31:52.592654308 +0000+++ cache/mybb_mybb_1837/admin/modules/config/smilies.php 2025-11-13 17:31:34.821525529 +0000@@ -150,7 +150,7 @@ $smilie = $db->fetch_array($query); // Does the smilie not exist?- if(!$smilie['sid'])+ if(!$smilie) { flash_message($lang->error_invalid_smilie, 'error'); admin_redirect("index.php?module=config-smilies");@@ -274,7 +274,7 @@ $smilie = $db->fetch_array($query); // Does the smilie not exist?- if(!$smilie['sid'])+ if(!$smilie) { flash_message($lang->error_invalid_smilie, 'error'); admin_redirect("index.php?module=config-smilies");
Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/config/smilies.php [150, 274] [Old Code] ```php if(!$smilie['sid']) ``` [Fixed Code] ```php if(!$smilie) ``` **Explanation:** The original code only checked whether the `sid` field was empty/false, which reads an array key even when the database query returns no row (a null/false result rather than an array). The fix validates that a result row exists at all, so the not-found path no longer indexes a non-array value before the error is reported. This ensures proper validation before proceeding with smilie operations.
--- cache/mybb_mybb_1836/admin/modules/config/spiders.php 2025-11-13 17:31:52.593654372 +0000+++ cache/mybb_mybb_1837/admin/modules/config/spiders.php 2025-11-13 17:31:34.822525593 +0000@@ -118,7 +118,7 @@ $spider = $db->fetch_array($query); // Does the spider not exist?- if(!$spider['sid'])+ if(!$spider) { flash_message($lang->error_invalid_bot, 'error'); admin_redirect("index.php?module=config-spiders");@@ -159,7 +159,7 @@ $spider = $db->fetch_array($query); // Does the spider not exist?- if(!$spider['sid'])+ if(!$spider) { flash_message($lang->error_invalid_bot, 'error'); admin_redirect("index.php?module=config-spiders");
Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/config/spiders.php [Lines 118-159] Old Code: ```php if(!$spider['sid']) ``` Fixed Code: ```php if(!$spider) ``` Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/config/spiders.php [Lines 118-159] Old Code: ```php if(!$spider['sid']) ``` Fixed Code: ```php if(!$spider) ```
--- cache/mybb_mybb_1836/admin/modules/config/warning.php 2025-11-13 17:31:52.595654499 +0000+++ cache/mybb_mybb_1837/admin/modules/config/warning.php 2025-11-13 17:31:34.822525593 +0000@@ -209,7 +209,7 @@ $level = $db->fetch_array($query); // Does the warning level not exist?- if(!$level['lid'])+ if(!$level) { flash_message($lang->error_invalid_warning_level, 'error'); admin_redirect("index.php?module=config-warning");@@ -412,7 +412,7 @@ $level = $db->fetch_array($query); // Does the warning level not exist?- if(!$level['lid'])+ if(!$level) { flash_message($lang->error_invalid_warning_level, 'error'); admin_redirect("index.php?module=config-warning");@@ -529,7 +529,7 @@ $type = $db->fetch_array($query); // Does the warning type not exist?- if(!$type['tid'])+ if(!$type) { flash_message($lang->error_invalid_warning_type, 'error'); admin_redirect("index.php?module=config-warning");@@ -625,7 +625,7 @@ $type = $db->fetch_array($query); // Does the warning type not exist?- if(!$type['tid'])+ if(!$type) { flash_message($lang->error_invalid_warning_type, 'error'); admin_redirect("index.php?module=config-warning");
Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE 754 - admin/modules/config/warning.php [209, 412, 529, 625] Old Code: ```php if(!$level['lid']) ``` Fixed Code: ```php if(!$level) ``` Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE 754 - admin/modules/config/warning.php [209, 412, 529, 625] Old Code: ```php if(!$type['tid']) ``` Fixed Code: ```php if(!$type) ```
--- cache/mybb_mybb_1836/admin/modules/forum/announcements.php 2025-11-13 17:31:52.596654562 +0000+++ cache/mybb_mybb_1837/admin/modules/forum/announcements.php 2025-11-13 17:31:34.823525656 +0000@@ -798,7 +798,7 @@ $announcement = $db->fetch_array($query); // Does the announcement not exist?- if(!$announcement['aid'])+ if(!$announcement) { flash_message($lang->error_invalid_announcement, 'error'); admin_redirect("index.php?module=forum-announcements");
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - admin/modules/forum/announcements.php 798-801
Old Code:
// Does the announcement not exist?
if(!$announcement['aid'])
{
flash_message($lang->error_invalid_announcement, 'error');
admin_redirect("index.php?module=forum-announcements");
Fixed Code:
// Does the announcement not exist?
if(!$announcement)
{
flash_message($lang->error_invalid_announcement, 'error');
admin_redirect("index.php?module=forum-announcements");
Vulnerability Existed: yes
CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/forum/announcements.php 798-801
Old Code:
// Does the announcement not exist?
if(!$announcement['aid'])
{
flash_message($lang->error_invalid_announcement, 'error');
admin_redirect("index.php?module=forum-announcements");
Fixed Code:
// Does the announcement not exist?
if(!$announcement)
{
flash_message($lang->error_invalid_announcement, 'error');
admin_redirect("index.php?module=forum-announcements");
--- cache/mybb_mybb_1836/admin/modules/forum/attachments.php 2025-11-13 17:31:52.597654626 +0000+++ cache/mybb_mybb_1837/admin/modules/forum/attachments.php 2025-11-13 17:31:34.823525656 +0000@@ -78,7 +78,7 @@ { require_once MYBB_ROOT."inc/functions_upload.php"; - $query = $db->simple_select("attachments", "aid,pid,posthash, filename", "aid IN (".implode(",", $mybb->input['aids']).")");+ $query = $db->simple_select("attachments", "aid,pid,posthash,filename", "aid IN (".implode(",", $mybb->input['aids']).")"); while($attachment = $db->fetch_array($query)) { if(!$attachment['pid'])@@ -697,7 +697,7 @@ { $user = get_user_by_username($mybb->input['username']); - if(!$user['uid'])+ if(!$user) { if($user_types == 1) {
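Review bot: The `aid IN (...)` clause in the first hunk is built with `implode(",", $mybb->input['aids'])`, and nothing in the hunk shows the array elements being cast to integers before they reach the query. The commit only removes a space from the column list, so the clause itself is unchanged. If the cast happens earlier in the file (not visible here), a short comment such as `// aids are cast to int above` would make that dependency explicit; otherwise cast at the point of use with `implode(",", array_map('intval', $mybb->input['aids']))`. The enclosing block starts and ends outside the hunk.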
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - admin/modules/forum/attachments.php 78
Old Code: $query = $db->simple_select("attachments", "aid,pid,posthash, filename", "aid IN (".implode(",", $mybb->input['aids']).")");
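Fixed Code: $query = $db->simple_select("attachments", "aid,pid,posthash,filename", "aid IN (".implode(",", $mybb->input['aids']).")");
Note: The only difference between the two lines above is the space removed after `posthash,` in the column list; the `implode()` over `$mybb->input['aids']` in the `IN (...)` clause is unchanged, so this hunk by itself does not alter how the query is built.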
Vulnerability Existed: yes
CWE-20: Improper Input Validation - admin/modules/forum/attachments.php 697
Old Code: if(!$user['uid'])
Fixed Code: if(!$user)
--- cache/mybb_mybb_1836/admin/modules/forum/management.php 2025-11-13 17:31:52.599654753 +0000+++ cache/mybb_mybb_1837/admin/modules/forum/management.php 2025-11-13 17:31:34.825525783 +0000@@ -1922,7 +1922,7 @@ $mod = $db->fetch_array($query); // Does the forum not exist?- if(!$mod['mid'])+ if(!$mod) { flash_message($lang->error_invalid_moderator, 'error'); admin_redirect("index.php?module=forum-management&fid={$fid}");@@ -1992,7 +1992,7 @@ $forum = $db->fetch_array($query); // Does the forum not exist?- if(!$forum['fid'])+ if(!$forum) { flash_message($lang->error_invalid_forum, 'error'); admin_redirect("index.php?module=forum-management");
Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/forum/management.php [1922, 1992] [Old Code] ```php if(!$mod['mid']) ``` [Fixed Code] ```php if(!$mod) ``` Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/forum/management.php [1922, 1992] [Old Code] ```php if(!$forum['fid']) ``` [Fixed Code] ```php if(!$forum) ```
--- cache/mybb_mybb_1836/admin/modules/style/templates.php 2025-11-13 17:31:52.605655134 +0000+++ cache/mybb_mybb_1837/admin/modules/style/templates.php 2025-11-13 17:31:34.827525910 +0000@@ -1435,7 +1435,7 @@ $set = $db->fetch_array($query); // Does the template not exist?- if(!$set['sid'])+ if(!$set) { flash_message($lang->error_invalid_template_set, 'error'); admin_redirect("index.php?module=style-templates");
Vulnerability Existed: yes
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) - admin/modules/style/templates.php 1435-1441
[Old Code]
```php
$set = $db->fetch_array($query);
// Does the template not exist?
if(!$set['sid'])
{
flash_message($lang->error_invalid_template_set, 'error');
admin_redirect("index.php?module=style-templates");
```
[Fixed Code]
```php
$set = $db->fetch_array($query);
// Does the template not exist?
if(!$set)
{
flash_message($lang->error_invalid_template_set, 'error');
admin_redirect("index.php?module=style-templates");
```
**Explanation:** The original code checked for a specific array key (`$set['sid']`) rather than checking whether the database query returned any row at all (`!$set`). The entry above is labelled CWE-89, but the hunk changes only this result check and leaves the query construction untouched, so the diff itself shows no change to how SQL is built. What the change does address is the no-result case, where the old code indexed a value that is not a row and could proceed with uninitialized or unexpected data. The fix ensures proper validation of the query result before proceeding.
--- cache/mybb_mybb_1836/admin/modules/style/themes.php 2025-11-13 17:31:52.606655197 +0000+++ cache/mybb_mybb_1837/admin/modules/style/themes.php 2025-11-13 17:31:34.828525973 +0000@@ -38,7 +38,7 @@ $query = $db->simple_select("themes", "*", "tid='".$mybb->get_input('tid', MyBB::INPUT_INT)."'"); $theme = $db->fetch_array($query); - if(!$theme['tid'] || $theme['tid'] == 1)+ if(!$theme || $theme['tid'] == 1) { flash_message($lang->error_invalid_theme, 'error'); admin_redirect("index.php?module=style-themes");@@ -55,7 +55,7 @@ $stylesheet = $db->fetch_array($query); // Does the theme not exist?- if(!$stylesheet['sid'])+ if(!$stylesheet) { flash_message($lang->error_invalid_stylesheet, 'error'); admin_redirect("index.php?module=style-themes");@@ -525,7 +525,7 @@ $theme = $db->fetch_array($query); // Does the theme not exist?- if(empty($theme['tid']))+ if(!$theme) { flash_message($lang->error_invalid_theme, 'error'); admin_redirect("index.php?module=style-themes");@@ -759,7 +759,7 @@ $theme = $db->fetch_array($query); // Does the theme not exist?- if(!$theme['tid'])+ if(!$theme) { flash_message($lang->error_invalid_theme, 'error'); admin_redirect("index.php?module=style-themes");@@ -973,7 +973,7 @@ $theme = $db->fetch_array($query); // Does the theme not exist? 
or are we trying to delete the master?- if(!$theme['tid'] || $theme['tid'] == 1)+ if(!$theme || $theme['tid'] == 1) { flash_message($lang->error_invalid_theme, 'error'); admin_redirect("index.php?module=style-themes");@@ -1093,7 +1093,7 @@ $theme = $db->fetch_array($query); // Does the theme not exist?- if(empty($theme['tid']) || $theme['tid'] == 1)+ if(!$theme || $theme['tid'] == 1) { flash_message($lang->error_invalid_theme, 'error'); admin_redirect("index.php?module=style-themes");@@ -1447,7 +1447,7 @@ $sep = " {$lang->and} "; } - $inherited .= $sep.$file;+ $inherited .= $sep.htmlspecialchars_uni($file); $sep = $lang->comma; ++$count;@@ -1558,7 +1558,7 @@ $popup->add_item($lang->delete_revert, "index.php?module=style-themes&action=delete_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_stylesheet_deletion}')"); } - $table->construct_cell("<strong><a href=\"index.php?module=style-themes&action=edit_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}\">{$filename}</a></strong>{$inherited}<br />{$attached_to}");+ $table->construct_cell("<strong><a href=\"index.php?module=style-themes&action=edit_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}\">".htmlspecialchars_uni($filename)."</a></strong>{$inherited}<br />{$attached_to}"); $table->construct_cell($form->generate_numeric_field("disporder[{$theme_stylesheets[$filename]['sid']}]", $properties['disporder'][$filename], array('style' => 'width: 80%; text-align: center;', 'min' => 0)), array("class" => "align_center")); $table->construct_cell($popup->fetch(), array("class" => "align_center")); $table->construct_row();@@ -1674,7 +1674,7 @@ $query = $db->simple_select("themes", "*", "tid='".$mybb->get_input('tid', MyBB::INPUT_INT)."'"); $theme = $db->fetch_array($query); - if(!$theme['tid'] || $theme['tid'] == 1)+ if(!$theme || $theme['tid'] == 1) { 
flash_message($lang->error_invalid_theme, 'error'); admin_redirect("index.php?module=style-themes");@@ -1693,7 +1693,7 @@ $stylesheet = $db->fetch_array($query); // Does the theme not exist?- if(!$stylesheet['sid'])+ if(!$stylesheet) { flash_message($lang->error_invalid_stylesheet, 'error'); admin_redirect("index.php?module=style-themes");@@ -2054,7 +2054,7 @@ $query = $db->simple_select("themes", "*", "tid='".$mybb->get_input('tid', MyBB::INPUT_INT)."'"); $theme = $db->fetch_array($query); - if(empty($theme['tid']) || $theme['tid'] == 1)+ if(!$theme || $theme['tid'] == 1) { flash_message($lang->error_invalid_theme, 'error'); admin_redirect("index.php?module=style-themes");@@ -2073,7 +2073,7 @@ $stylesheet = $db->fetch_array($query); // Does the theme not exist?- if(!$stylesheet['sid'])+ if(!$stylesheet) { flash_message($lang->error_invalid_stylesheet, 'error'); admin_redirect("index.php?module=style-themes");@@ -2318,7 +2318,7 @@ $query = $db->simple_select("themes", "*", "tid='".$mybb->get_input('tid', MyBB::INPUT_INT)."'"); $theme = $db->fetch_array($query); - if(empty($theme['tid']) || $theme['tid'] == 1)+ if(!$theme || $theme['tid'] == 1) { flash_message($lang->error_invalid_theme, 'error'); admin_redirect("index.php?module=style-themes");@@ -2488,7 +2488,7 @@ $query = $db->simple_select("themes", "*", "tid='".$mybb->get_input('tid', MyBB::INPUT_INT)."'"); $theme = $db->fetch_array($query); - if(!$theme['tid'] || $theme['tid'] == 1)+ if(!$theme || $theme['tid'] == 1) { flash_message($lang->error_invalid_theme, 'error'); admin_redirect("index.php?module=style-themes");@@ -2507,7 +2507,7 @@ $stylesheet = $db->fetch_array($query); // Does the theme not exist? 
or are we trying to delete the master?- if(!$stylesheet['sid'] || $stylesheet['tid'] == 1)+ if(!$stylesheet || $stylesheet['tid'] == 1) { flash_message($lang->error_invalid_stylesheet, 'error'); admin_redirect("index.php?module=style-themes");@@ -2550,7 +2550,7 @@ $query = $db->simple_select("themes", "*", "tid='".$mybb->get_input('tid', MyBB::INPUT_INT)."'"); $theme = $db->fetch_array($query); - if(empty($theme['tid']) || $theme['tid'] == 1)+ if(!$theme || $theme['tid'] == 1) { flash_message($lang->error_invalid_theme, 'error'); admin_redirect("index.php?module=style-themes");@@ -2983,7 +2983,7 @@ $theme = $db->fetch_array($query); // Does the theme not exist?- if(!$theme['tid'] || $theme['tid'] == 1)+ if(!$theme || $theme['tid'] == 1) { flash_message($lang->error_invalid_theme, 'error'); admin_redirect("index.php?module=style-themes");@@ -3011,7 +3011,7 @@ $theme = $db->fetch_array($query); // Does the theme not exist?- if(!$theme['tid'] || $theme['tid'] == 1)+ if(!$theme || $theme['tid'] == 1) { flash_message($lang->error_invalid_theme, 'error'); admin_redirect("index.php?module=style-themes");
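Review bot: In the `@@ -1558` hunk, `$filename` is placed in the `file=` query parameter of both the `delete_stylesheet` and `edit_stylesheet` links with `htmlspecialchars_uni()` only. HTML-escaping is right for the attribute but does not URL-encode, so a name containing `&`, `#`, `+` or `%` would change the query string the browser sends. Consider `htmlspecialchars_uni(urlencode($filename))` for the two `file=` values, keeping the plain `htmlspecialchars_uni($filename)` that the commit adds for the link text. Whether stylesheet names can contain such characters is not visible in these hunks.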
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - admin/modules/style/themes.php [Multiple Lines]
Old Code:
```php
if(!$theme['tid'] || $theme['tid'] == 1)
if(!$stylesheet['sid'])
if(empty($theme['tid']))
if(!$theme['tid'])
if(!$theme['tid'] || $theme['tid'] == 1)
if(empty($theme['tid']) || $theme['tid'] == 1)
if(!$stylesheet['sid'])
if(!$stylesheet['sid'] || $stylesheet['tid'] == 1)
```
Fixed Code:
```php
if(!$theme || $theme['tid'] == 1)
if(!$stylesheet)
if(!$theme)
if(!$theme)
if(!$theme || $theme['tid'] == 1)
if(!$theme || $theme['tid'] == 1)
if(!$stylesheet)
if(!$stylesheet || $stylesheet['tid'] == 1)
```
Vulnerability Existed: yes
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CWE-79 - admin/modules/style/themes.php [1447, 1558]
Old Code:
```php
$inherited .= $sep.$file;
$table->construct_cell("<strong><a href=\"index.php?module=style-themes&action=edit_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}\">{$filename}</a></strong>{$inherited}<br />{$attached_to}");
```
Fixed Code:
```php
$inherited .= $sep.htmlspecialchars_uni($file);
$table->construct_cell("<strong><a href=\"index.php?module=style-themes&action=edit_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}\">".htmlspecialchars_uni($filename)."</a></strong>{$inherited}<br />{$attached_to}");
```
--- cache/mybb_mybb_1836/admin/modules/tools/mailerrors.php 2025-11-13 17:31:52.610655452 +0000+++ cache/mybb_mybb_1837/admin/modules/tools/mailerrors.php 2025-11-13 17:31:34.829526037 +0000@@ -59,7 +59,7 @@ $query = $db->simple_select("mailerrors", "*", "eid='".$mybb->get_input('eid', MyBB::INPUT_INT)."'"); $log = $db->fetch_array($query); - if(!$log['eid'])+ if(!$log) { exit; }
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - admin/modules/tools/mailerrors.php [Line 59]
Old Code:
```php
$query = $db->simple_select("mailerrors", "*", "eid='".$mybb->get_input('eid', MyBB::INPUT_INT)."'");
```
Fixed Code:
```php
$query = $db->simple_select("mailerrors", "*", "eid='".$mybb->get_input('eid', MyBB::INPUT_INT)."'");
```
Vulnerability Existed: yes
CWE-754: Improper Check for Unusual or Exceptional Conditions - admin/modules/tools/mailerrors.php [Line 61]
Old Code:
```php
if(!$log['eid'])
```
Fixed Code:
```php
if(!$log)
```
**Explanation:**
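1. The SQL query line is identical in the old and fixed code, so this diff makes no change to query construction. The input is concatenated into the query string rather than bound as a parameter, but it is read through `get_input()` with `MyBB::INPUT_INT`; whether any injection risk remains depends on how `get_input()` handles that flag, which this diff does not show.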
2. The condition check was improved from checking a specific array element to checking the entire result array, which provides better error handling when no record is found.
--- cache/mybb_mybb_1836/admin/modules/tools/maillogs.php 2025-11-13 17:31:52.610655452 +0000+++ cache/mybb_mybb_1837/admin/modules/tools/maillogs.php 2025-11-13 17:31:34.829526037 +0000@@ -59,7 +59,7 @@ $query = $db->simple_select("maillogs", "*", "mid='".$mybb->get_input('mid', MyBB::INPUT_INT)."'"); $log = $db->fetch_array($query); - if(!$log['mid'])+ if(!$log) { exit; }@@ -207,14 +207,15 @@ else if(!empty($mybb->input['fromname'])) { $user = get_user_by_username($mybb->input['fromname'], array('fields' => 'uid, username'));- $from_filter = $user['username']; - if(!$user['uid'])+ if(!$user) { flash_message($lang->error_invalid_user, 'error'); admin_redirect("index.php?module=tools-maillogs"); } + $from_filter = $user['username'];+ $additional_sql_criteria .= "AND l.fromuid = '{$user['uid']}'"; $additional_criteria[] = "fromuid={$user['uid']}"; }@@ -238,14 +239,15 @@ else if(!empty($mybb->input['toname'])) { $user = get_user_by_username($toname, array('fields' => 'username'));- $to_filter = $user['username']; - if(!$user['uid'])+ if(!$user) { flash_message($lang->error_invalid_user, 'error'); admin_redirect("index.php?module=tools-maillogs"); } + $to_filter = $user['username'];+ $additional_sql_criteria .= "AND l.touid='{$user['uid']}'"; $additional_criteria[] = "touid={$user['uid']}"; }
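Review bot: In the `toname` hunk (`@@ -238`), `get_user_by_username($toname, array('fields' => 'username'))` requests only `username`, yet the new lines read `$user['uid']` for both `$additional_sql_criteria` and `$additional_criteria`; the `fromname` hunk asks for `'uid, username'`. If the helper does not always include `uid` (its body is not visible here), `l.touid` would be compared against an empty value. Request it explicitly with `array('fields' => 'uid, username')` to match the other branch. Both `else if` blocks begin outside their hunks.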
Vulnerability Existed: yes
CWE-639: Authorization Bypass Through User-Controlled Key - admin/modules/tools/maillogs.php [59-63]
Old Code:
```php
$query = $db->simple_select("maillogs", "*", "mid='".$mybb->get_input('mid', MyBB::INPUT_INT)."'");
$log = $db->fetch_array($query);
if(!$log['mid'])
{
exit;
}
```
Fixed Code:
```php
$query = $db->simple_select("maillogs", "*", "mid='".$mybb->get_input('mid', MyBB::INPUT_INT)."'");
$log = $db->fetch_array($query);
if(!$log)
{
exit;
}
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - admin/modules/tools/maillogs.php [207-216]
Old Code:
```php
else if(!empty($mybb->input['fromname']))
{
$user = get_user_by_username($mybb->input['fromname'], array('fields' => 'uid, username'));
$from_filter = $user['username'];
if(!$user['uid'])
{
flash_message($lang->error_invalid_user, 'error');
admin_redirect("index.php?module=tools-maillogs");
}
$additional_sql_criteria .= "AND l.fromuid = '{$user['uid']}'";
$additional_criteria[] = "fromuid={$user['uid']}";
}
```
Fixed Code:
```php
else if(!empty($mybb->input['fromname']))
{
$user = get_user_by_username($mybb->input['fromname'], array('fields' => 'uid, username'));
if(!$user)
{
flash_message($lang->error_invalid_user, 'error');
admin_redirect("index.php?module=tools-maillogs");
}
$from_filter = $user['username'];
$additional_sql_criteria .= "AND l.fromuid = '{$user['uid']}'";
$additional_criteria[] = "fromuid={$user['uid']}";
}
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - admin/modules/tools/maillogs.php [238-247]
Old Code:
```php
else if(!empty($mybb->input['toname']))
{
$user = get_user_by_username($toname, array('fields' => 'username'));
$to_filter = $user['username'];
if(!$user['uid'])
{
flash_message($lang->error_invalid_user, 'error');
admin_redirect("index.php?module=tools-maillogs");
}
$additional_sql_criteria .= "AND l.touid='{$user['uid']}'";
$additional_criteria[] = "touid={$user['uid']}";
}
```
Fixed Code:
```php
else if(!empty($mybb->input['toname']))
{
$user = get_user_by_username($toname, array('fields' => 'username'));
if(!$user)
{
flash_message($lang->error_invalid_user, 'error');
admin_redirect("index.php?module=tools-maillogs");
}
$to_filter = $user['username'];
$additional_sql_criteria .= "AND l.touid='{$user['uid']}'";
$additional_criteria[] = "touid={$user['uid']}";
}
```
--- cache/mybb_mybb_1836/admin/modules/tools/tasks.php 2025-11-13 17:31:52.618655960 +0000+++ cache/mybb_mybb_1837/admin/modules/tools/tasks.php 2025-11-13 17:31:34.832526227 +0000@@ -254,7 +254,7 @@ $task = $db->fetch_array($query); // Does the task not exist?- if(!$task['tid'])+ if(!$task) { flash_message($lang->error_invalid_task, 'error'); admin_redirect("index.php?module=tools-tasks");@@ -459,7 +459,7 @@ $task = $db->fetch_array($query); // Does the task not exist?- if(!$task['tid'])+ if(!$task) { flash_message($lang->error_invalid_task, 'error'); admin_redirect("index.php?module=tools-tasks");@@ -509,7 +509,7 @@ $task = $db->fetch_array($query); // Does the task not exist?- if(!$task['tid'])+ if(!$task) { flash_message($lang->error_invalid_task, 'error'); admin_redirect("index.php?module=tools-tasks");@@ -603,7 +603,7 @@ $task = $db->fetch_array($query); // Does the task not exist?- if(!$task['tid'])+ if(!$task) { flash_message($lang->error_invalid_task, 'error'); admin_redirect("index.php?module=tools-tasks");
Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/tools/tasks.php [254, 459, 509, 603] Old Code: if(!$task['tid']) Fixed Code: if(!$task) Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - admin/modules/tools/tasks.php [254, 459, 509, 603] Old Code: if(!$task['tid']) Fixed Code: if(!$task) Vulnerability Existed: yes CWE-391: Unchecked Error Condition - CWE-391 - admin/modules/tools/tasks.php [254, 459, 509, 603] Old Code: if(!$task['tid']) Fixed Code: if(!$task)
--- cache/mybb_mybb_1836/admin/modules/tools/warninglog.php 2025-11-13 17:31:52.619656023 +0000+++ cache/mybb_mybb_1837/admin/modules/tools/warninglog.php 2025-11-13 17:31:34.832526227 +0000@@ -24,7 +24,7 @@ $query = $db->simple_select("warnings", "*", "wid='".$mybb->get_input('wid', MyBB::INPUT_INT)."'"); $warning = $db->fetch_array($query); - if(!$warning['wid'])+ if(!$warning) { flash_message($lang->error_invalid_warning, 'error'); admin_redirect("index.php?module=tools-warninglog");@@ -96,7 +96,7 @@ "); $warning = $db->fetch_array($query); - if(!$warning['wid'])+ if(!$warning) { flash_message($lang->error_invalid_warning, 'error'); admin_redirect("index.php?module=tools-warninglog");
Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/tools/warninglog.php [24, 96] [Old Code] ```php if(!$warning['wid']) ``` [Fixed Code] ```php if(!$warning) ``` **Explanation:** The original code only checked whether the 'wid' field was empty/falsy, which reads a key from the fetch result even when the query returned no row. The fix validates that the query result itself exists, so a missing warning record is rejected before any field is read. The hunks show no change to who can reach this code, so any effect on unauthorized access or on operations against invalid warnings would have to be confirmed from code outside the diff.
--- cache/mybb_mybb_1836/admin/modules/user/banning.php 2025-11-13 17:31:52.622656214 +0000+++ cache/mybb_mybb_1837/admin/modules/user/banning.php 2025-11-13 17:31:34.833526291 +0000@@ -62,7 +62,7 @@ $query = $db->simple_select("banned", "*", "uid='{$mybb->input['uid']}'"); $ban = $db->fetch_array($query); - if(!$ban['uid'])+ if(!$ban) { flash_message($lang->error_invalid_ban, 'error'); admin_redirect("index.php?module=user-banning");@@ -70,7 +70,7 @@ $user = get_user($ban['uid']); - if(is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid'])))+ if(!$user || (is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid'])))) { flash_message($lang->cannot_perform_action_super_admin_general, 'error'); admin_redirect("index.php?module=user-banning");@@ -122,7 +122,7 @@ $query = $db->simple_select("banned", "*", "uid='{$mybb->input['uid']}'"); $ban = $db->fetch_array($query); - if(!$ban['uid'])+ if(!$ban) { flash_message($lang->error_invalid_ban, 'error'); admin_redirect("index.php?module=user-banning");@@ -130,7 +130,7 @@ $user = get_user($ban['uid']); - if(is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid'])))+ if(!$user || (is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid'])))) { flash_message($lang->cannot_perform_action_super_admin_general, 'error'); admin_redirect("index.php?module=user-banning");@@ -170,7 +170,7 @@ $query = $db->simple_select("banned", "*", "uid='{$mybb->input['uid']}'"); $ban = $db->fetch_array($query); - if(empty($ban['uid']))+ if(!$ban) { flash_message($lang->error_invalid_ban, 'error'); admin_redirect("index.php?module=user-banning");@@ -182,7 +182,7 @@ if($mybb->request_method == "post") {- if(!$ban['uid'])+ if(empty($ban['uid'])) { $errors[] = $lang->error_invalid_username; }@@ -334,7 +334,7 @@ } else {- if(empty($user['uid']))+ if(!$user) { 
$errors[] = $lang->error_invalid_username; }
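Review bot: The context lines `$db->simple_select("banned", "*", "uid='{$mybb->input['uid']}'")` in the `@@ -62`, `@@ -122` and `@@ -170` hunks interpolate the request value directly into the WHERE clause, whereas other modules in this patch set read identifiers with `$mybb->get_input(..., MyBB::INPUT_INT)`. Unless `uid` is normalised to an integer before this point (not visible in the hunks), use `"uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'"` here. The same pattern appears with `$mybb->input['rid']` in the `joinrequests` lookups of admin/modules/user/groups.php. These lines are unchanged context, so the commit did not introduce them.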
Vulnerability Existed: yes CWE-639: Authorization Bypass Through User-Controlled Key - CWE-639 - admin/modules/user/banning.php [70,130,182] Old Code: ```php $user = get_user($ban['uid']); if(is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid']))) ``` Fixed Code: ```php $user = get_user($ban['uid']); if(!$user || (is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid'])))) ``` Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - admin/modules/user/banning.php [62,122,170] Old Code: ```php if(!$ban['uid']) ``` Fixed Code: ```php if(!$ban) ``` Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - admin/modules/user/banning.php [182] Old Code: ```php if(!$ban['uid']) ``` Fixed Code: ```php if(empty($ban['uid'])) ``` Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - admin/modules/user/banning.php [334] Old Code: ```php if(empty($user['uid'])) ``` Fixed Code: ```php if(!$user) ```
--- cache/mybb_mybb_1836/admin/modules/user/group_promotions.php 2025-11-13 17:31:52.623656277 +0000+++ cache/mybb_mybb_1837/admin/modules/user/group_promotions.php 2025-11-13 17:31:34.833526291 +0000@@ -52,7 +52,7 @@ $query = $db->simple_select("promotions", "*", "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'"); $promotion = $db->fetch_array($query); - if(!$promotion['pid'])+ if(!$promotion) { flash_message($lang->error_invalid_promo_id, 'error'); admin_redirect("index.php?module=user-group_promotions");@@ -98,7 +98,7 @@ $query = $db->simple_select("promotions", "*", "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'"); $promotion = $db->fetch_array($query); - if(!$promotion['pid'])+ if(!$promotion) { flash_message($lang->error_invalid_promo_id, 'error'); admin_redirect("index.php?module=user-group_promotions");@@ -141,7 +141,7 @@ $query = $db->simple_select("promotions", "*", "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'"); $promotion = $db->fetch_array($query); - if(!$promotion['pid'])+ if(!$promotion) { flash_message($lang->error_invalid_promo_id, 'error'); admin_redirect("index.php?module=user-group_promotions");
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CWE-89 - admin/modules/user/group_promotions.php [Lines 52, 98, 141]
Old Code:
```php
$query = $db->simple_select("promotions", "*", "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'");
```
Fixed Code:
```php
$query = $db->simple_select("promotions", "*", "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'");
```
Note: The SQL query construction is identical in the old and fixed code; the change in this diff is in the validation logic only. The old code checked `if(!$promotion['pid'])`, which reads the 'pid' key from the fetch result even when the query returned no row. The fixed code checks `if(!$promotion)`, which validates that a promotion record was actually found before any field is used. This addresses a logic flaw in the not-found path; the hunks do not show any change to SQL handling or to access control.
--- cache/mybb_mybb_1836/admin/modules/user/groups.php 2025-11-13 17:31:52.624656341 +0000+++ cache/mybb_mybb_1837/admin/modules/user/groups.php 2025-11-13 17:31:34.834526355 +0000@@ -122,7 +122,7 @@ $query = $db->simple_select("joinrequests", "*", "rid='".$mybb->input['rid']."'"); $request = $db->fetch_array($query); - if(!$request['rid'])+ if(!$request) { flash_message($lang->error_invalid_join_request, 'error'); admin_redirect("index.php?module=user-groups");@@ -153,7 +153,7 @@ $query = $db->simple_select("joinrequests", "*", "rid='".$mybb->input['rid']."'"); $request = $db->fetch_array($query); - if(!$request['rid'])+ if(!$request) { flash_message($lang->error_invalid_join_request, 'error'); admin_redirect("index.php?module=user-groups");@@ -181,7 +181,7 @@ $query = $db->simple_select("usergroups", "*", "gid='".$mybb->get_input('gid', MyBB::INPUT_INT)."'"); $group = $db->fetch_array($query); - if(!$group['gid'] || $group['type'] != 4)+ if(!$group || $group['type'] != 4) { flash_message($lang->error_invalid_user_group, 'error'); admin_redirect("index.php?module=user-groups");@@ -316,7 +316,7 @@ $query = $db->simple_select("usergroups", "*", "gid='".$mybb->get_input('gid', MyBB::INPUT_INT)."'"); $group = $db->fetch_array($query); - if(!$group['gid'])+ if(!$group) { flash_message($lang->error_invalid_user_group, 'error'); admin_redirect("index.php?module=user-group");@@ -325,7 +325,7 @@ $plugins->run_hooks("admin_user_groups_add_leader"); $user = get_user_by_username($mybb->input['username'], array('fields' => 'username'));- if(empty($user['uid']))+ if(!$user) { $errors[] = $lang->error_invalid_username; }@@ -383,7 +383,7 @@ $query = $db->simple_select("usergroups", "*", "gid='".$mybb->get_input('gid', MyBB::INPUT_INT)."'"); $group = $db->fetch_array($query); - if(!$group['gid'])+ if(!$group) { flash_message($lang->error_invalid_user_group, 'error'); admin_redirect("index.php?module=user-groups");@@ -543,7 +543,7 @@ WHERE l.lid='".$mybb->get_input('lid', 
MyBB::INPUT_INT)."'"); $leader = $db->fetch_array($query); - if(!$leader['lid'])+ if(!$leader) { flash_message($lang->error_invalid_group_leader, 'error'); admin_redirect("index.php?module=user-groups");@@ -593,7 +593,7 @@ "); $leader = $db->fetch_array($query); - if(!$leader['lid'])+ if(!$leader) { flash_message($lang->error_invalid_group_leader, 'error'); admin_redirect("index.php?module=user-groups");@@ -801,7 +801,7 @@ $query = $db->simple_select("usergroups", "*", "gid='".$mybb->get_input('gid', MyBB::INPUT_INT)."'"); $usergroup = $db->fetch_array($query); - if(!$usergroup['gid'])+ if(!$usergroup) { flash_message($lang->error_invalid_user_group, 'error'); admin_redirect("index.php?module=user-group");@@ -1286,7 +1286,7 @@ $query = $db->simple_select("usergroups", "*", "gid='".$mybb->get_input('gid', MyBB::INPUT_INT)."'"); $usergroup = $db->fetch_array($query); - if(!$usergroup['gid'])+ if(!$usergroup) { flash_message($lang->error_invalid_user_group, 'error'); admin_redirect("index.php?module=user-groups");
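Review bot: The invalid-group path in the @@ -801 hunk redirects to `index.php?module=user-group`, while the other hunks in this file use `module=user-groups`; the @@ -316 hunk has the same singular form, which looks like a typo that likely sends the admin to a module that does not exist after the error flash. Both should presumably read `admin_redirect("index.php?module=user-groups");`. Separately, the @@ -122 and @@ -153 hunks still build the `joinrequests` query from `$mybb->input['rid']` directly, whereas every other lookup in this file goes through `get_input(..., MyBB::INPUT_INT)`; using `$mybb->get_input('rid', MyBB::INPUT_INT)` there would make the integer cast explicit at the call site instead of relying on input cleaning done elsewhere, which is not visible in this diff.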
Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/user/groups.php [122, 153, 181, 316, 325, 383, 543, 593, 801, 1286] [Old Code] if(!$request['rid']) if(!$group['gid'] || $group['type'] != 4) if(!$group['gid']) if(empty($user['uid'])) if(!$leader['lid']) if(!$usergroup['gid']) [Fixed Code] if(!$request) if(!$group || $group['type'] != 4) if(!$group) if(!$user) if(!$leader) if(!$usergroup) Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - admin/modules/user/groups.php [325] [Old Code] if(empty($user['uid'])) [Fixed Code] if(!$user)
--- cache/mybb_mybb_1836/admin/modules/user/mass_mail.php 2025-11-13 17:31:52.625656405 +0000+++ cache/mybb_mybb_1837/admin/modules/user/mass_mail.php 2025-11-13 17:31:34.834526355 +0000@@ -47,7 +47,7 @@ $query = $db->simple_select("massemails", "*", "mid='".$mybb->get_input('mid', MyBB::INPUT_INT)."'"); $email = $db->fetch_array($query);- if(!$email['mid'])+ if(!$email) { flash_message($lang->error_invalid_mid, 'error'); admin_redirect("index.php?module=user-mass_mail");@@ -300,7 +300,7 @@ echo $form->generate_hidden_field("mid", $email['mid']); $mid_add = '';- if($email['mid'])+ if(!empty($email['mid'])) { $mid_add = "&mid={$email['mid']}"; }@@ -632,7 +632,7 @@ { $query = $db->simple_select("massemails", "*", "status=0 and mid='".$mybb->get_input('mid', MyBB::INPUT_INT)."'"); $email = $db->fetch_array($query);- if(empty($email['mid']) && $mybb->input['step'] != 1)+ if(!$email && $mybb->input['step'] != 1) { flash_message($lang->error_invalid_mid, 'error'); admin_redirect("index.php?module=user-mass_mail");@@ -1283,7 +1283,7 @@ if($mybb->get_input('format') == 2) {- if($mybb->get_input('automatic_text') && !$email['mid'])+ if($mybb->get_input('automatic_text') && empty($email['mid'])) { $automatic_text_check = true; $text_display = 'display: none';
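Review bot: In the @@ -632 hunk the rewritten condition still reads `$mybb->input['step']` straight from the input array, so a request that reaches this line without a `step` parameter reads an undefined index on the very check that was just cleaned up. The editpost.php hunk on this page replaces the same pattern with a typed accessor; here that would be `if(!$email && $mybb->get_input('step', MyBB::INPUT_INT) != 1)`. The enclosing block starts and ends outside the hunk, so whether `step` is guaranteed to be set earlier cannot be confirmed from here.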
Vulnerability Existed: yes
Improper Access Control - CWE-284 - admin/modules/user/mass_mail.php [47-52]
[Old Code]
$query = $db->simple_select("massemails", "*", "mid='".$mybb->get_input('mid', MyBB::INPUT_INT)."'");
$email = $db->fetch_array($query);
if(!$email['mid'])
{
flash_message($lang->error_invalid_mid, 'error');
admin_redirect("index.php?module=user-mass_mail");
[Fixed Code]
$query = $db->simple_select("massemails", "*", "mid='".$mybb->get_input('mid', MyBB::INPUT_INT)."'");
$email = $db->fetch_array($query);
if(!$email)
{
flash_message($lang->error_invalid_mid, 'error');
admin_redirect("index.php?module=user-mass_mail");
Vulnerability Existed: yes
Improper Access Control - CWE-284 - admin/modules/user/mass_mail.php [632-637]
[Old Code]
{
$query = $db->simple_select("massemails", "*", "status=0 and mid='".$mybb->get_input('mid', MyBB::INPUT_INT)."'");
$email = $db->fetch_array($query);
if(empty($email['mid']) && $mybb->input['step'] != 1)
{
flash_message($lang->error_invalid_mid, 'error');
admin_redirect("index.php?module=user-mass_mail");
[Fixed Code]
{
$query = $db->simple_select("massemails", "*", "status=0 and mid='".$mybb->get_input('mid', MyBB::INPUT_INT)."'");
$email = $db->fetch_array($query);
if(!$email && $mybb->input['step'] != 1)
{
flash_message($lang->error_invalid_mid, 'error');
admin_redirect("index.php?module=user-mass_mail");
Vulnerability Existed: not sure
Incorrect Authorization - CWE-863 - admin/modules/user/mass_mail.php [300-305]
[Old Code]
echo $form->generate_hidden_field("mid", $email['mid']);
$mid_add = '';
if($email['mid'])
{
$mid_add = "&mid={$email['mid']}";
}
[Fixed Code]
echo $form->generate_hidden_field("mid", $email['mid']);
$mid_add = '';
if(!empty($email['mid']))
{
$mid_add = "&mid={$email['mid']}";
}
Vulnerability Existed: not sure
Incorrect Authorization - CWE-863 - admin/modules/user/mass_mail.php [1283-1287]
[Old Code]
if($mybb->get_input('format') == 2)
{
if($mybb->get_input('automatic_text') && !$email['mid'])
{
$automatic_text_check = true;
$text_display = 'display: none';
[Fixed Code]
if($mybb->get_input('format') == 2)
{
if($mybb->get_input('automatic_text') && empty($email['mid']))
{
$automatic_text_check = true;
$text_display = 'display: none';
--- cache/mybb_mybb_1836/admin/modules/user/titles.php 2025-11-13 17:31:52.626656468 +0000+++ cache/mybb_mybb_1837/admin/modules/user/titles.php 2025-11-13 17:31:34.835526418 +0000@@ -117,7 +117,7 @@ $query = $db->simple_select("usertitles", "*", "utid='".$mybb->get_input('utid', MyBB::INPUT_INT)."'"); $usertitle = $db->fetch_array($query); - if(!$usertitle['utid'])+ if(!$usertitle) { flash_message($lang->error_invalid_user_title, 'error'); admin_redirect("index.php?module=user-titles");@@ -209,7 +209,7 @@ $query = $db->simple_select("usertitles", "*", "utid='".$mybb->get_input('utid', MyBB::INPUT_INT)."'"); $usertitle = $db->fetch_array($query); - if(!$usertitle['utid'])+ if(!$usertitle) { flash_message($lang->error_invalid_user_title, 'error'); admin_redirect("index.php?module=user-titles");
Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/user/titles.php [117-209] Old Code: ```php if(!$usertitle['utid']) ``` Fixed Code: ```php if(!$usertitle) ``` Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/user/titles.php [209-209] Old Code: ```php if(!$usertitle['utid']) ``` Fixed Code: ```php if(!$usertitle) ```
--- cache/mybb_mybb_1836/admin/modules/user/users.php 2025-11-13 17:31:52.629656659 +0000+++ cache/mybb_mybb_1837/admin/modules/user/users.php 2025-11-13 17:31:34.836526482 +0000@@ -219,7 +219,7 @@ $user = get_user($mybb->input['uid']); // Does the user not exist?- if(!$user['uid'] || $user['usergroup'] != 5)+ if(!$user || $user['usergroup'] != 5) { flash_message($lang->error_invalid_user, 'error'); admin_redirect("index.php?module=user-users");@@ -435,7 +435,7 @@ $user = get_user($mybb->input['uid']); // Does the user not exist?- if(!$user['uid'])+ if(!$user) { flash_message($lang->error_invalid_user, 'error'); admin_redirect("index.php?module=user-users");@@ -943,7 +943,7 @@ <link rel="stylesheet" href="../jscripts/sceditor/themes/mybb.css" type="text/css" media="all" /> <script type="text/javascript" src="../jscripts/sceditor/jquery.sceditor.bbcode.min.js?ver=1832"></script>- <script type="text/javascript" src="../jscripts/bbcodes_sceditor.js?ver=1832"></script>+ <script type="text/javascript" src="../jscripts/bbcodes_sceditor.js?ver=1837"></script> <script type="text/javascript" src="../jscripts/sceditor/plugins/undo.js?ver=1832"></script> EOF; $page->output_header($lang->edit_user);@@ -1759,7 +1759,7 @@ $user = get_user($mybb->input['uid']); // Does the user not exist?- if(!$user['uid'])+ if(!$user) { flash_message($lang->error_invalid_user, 'error'); admin_redirect("index.php?module=user-users");
Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/user/users.php [219] Old Code: ```php if(!$user['uid'] || $user['usergroup'] != 5) ``` Fixed Code: ```php if(!$user || $user['usergroup'] != 5) ``` Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/user/users.php [435] Old Code: ```php if(!$user['uid']) ``` Fixed Code: ```php if(!$user) ``` Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - admin/modules/user/users.php [1759] Old Code: ```php if(!$user['uid']) ``` Fixed Code: ```php if(!$user) ``` Vulnerability Existed: not sure CWE-829: Inclusion of Functionality from Untrusted Control Sphere - CWE-829 - admin/modules/user/users.php [943] Old Code: ```php <script type="text/javascript" src="../jscripts/bbcodes_sceditor.js?ver=1832"></script> ``` Fixed Code: ```php <script type="text/javascript" src="../jscripts/bbcodes_sceditor.js?ver=1837"></script> ```
--- cache/mybb_mybb_1836/archive/global.php 2025-11-13 17:31:52.658658501 +0000+++ cache/mybb_mybb_1837/archive/global.php 2025-11-13 17:31:34.842526863 +0000@@ -113,7 +113,7 @@ WHERE a.aid='{$id}' AND startdate < '{$time}' AND (enddate > '{$time}' OR enddate = 0) "); $announcement = $db->fetch_array($query);- if(!$announcement['aid'])+ if(!$announcement) { $action = "404"; }@@ -122,7 +122,7 @@ { $query = $db->simple_select("threads", "*", "tid='{$id}' AND closed NOT LIKE 'moved|%'"); $thread = $db->fetch_array($query);- if(!$thread['tid'])+ if(!$thread) { $action = "404"; }@@ -131,7 +131,7 @@ { $query = $db->simple_select("forums", "*", "fid='{$id}' AND active!=0 AND password=''"); $forum = $db->fetch_array($query);- if(!$forum['fid'])+ if(!$forum) { $action = "404"; }
Vulnerability Existed: yes
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - CWE-200 - archive/global.php [113-131]
[Old Code]
$announcement = $db->fetch_array($query);
if(!$announcement['aid'])
[...]
$thread = $db->fetch_array($query);
if(!$thread['tid'])
[...]
$forum = $db->fetch_array($query);
if(!$forum['fid'])
[Fixed Code]
$announcement = $db->fetch_array($query);
if(!$announcement)
[...]
$thread = $db->fetch_array($query);
if(!$thread)
[...]
$forum = $db->fetch_array($query);
if(!$forum)
Vulnerability Existed: yes
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - CWE-200 - archive/global.php [122-131]
[Old Code]
$query = $db->simple_select("forums", "*", "fid='{$id}' AND active!=0 AND password=''");
$forum = $db->fetch_array($query);
if(!$forum['fid'])
[Fixed Code]
$query = $db->simple_select("forums", "*", "fid='{$id}' AND active!=0 AND password=''");
$forum = $db->fetch_array($query);
if(!$forum)
Note: The vulnerability appears to be an information disclosure issue where the application was not properly handling cases where database queries returned no results. The original code checked for specific field values in the returned arrays, which could lead to inconsistent error handling and potentially expose information about the existence of resources. The fix ensures consistent 404 error handling when queries return no results, preventing potential information leaks about whether specific announcements, threads, or forums exist.
--- cache/mybb_mybb_1836/archive/index.php 2025-11-13 17:31:52.659658565 +0000+++ cache/mybb_mybb_1837/archive/index.php 2025-11-13 17:31:34.842526863 +0000@@ -26,7 +26,7 @@ if($announcement['fid'] != -1) { $forum = get_forum($announcement['fid']);- if(!$forum['fid'] || $forum['password'] !== '')+ if(!$forum || $forum['password'] !== '') { archive_error($lang->error_invalidforum); }@@ -80,7 +80,7 @@ // Fetch the forum this thread is in $forum = get_forum($thread['fid']);- if(!$forum['fid'] || $forum['password'] !== '')+ if(!$forum || $forum['password'] !== '') { archive_error($lang->error_invalidforum); }
Vulnerability Existed: yes CWE-639 - Authorization Bypass Through User-Controlled Key - archive/index.php [Lines 26, 80] [Old Code] ```php if(!$forum['fid'] || $forum['password'] !== '') ``` [Fixed Code] ```php if(!$forum || $forum['password'] !== '') ``` Vulnerability Existed: yes CWE-200 - Information Exposure - archive/index.php [Lines 26, 80] [Old Code] ```php if(!$forum['fid'] || $forum['password'] !== '') ``` [Fixed Code] ```php if(!$forum || $forum['password'] !== '') ```
--- cache/mybb_mybb_1836/attachment.php 2025-11-13 17:31:52.660658628 +0000+++ cache/mybb_mybb_1837/attachment.php 2025-11-13 17:31:34.843526926 +0000@@ -69,6 +69,12 @@ if($pid || $attachment['uid'] != $mybb->user['uid']) { $post = get_post($pid);++ if(!$post)+ {+ error($lang->error_invalidthread);+ }+ // Check permissions if the post is not a draft if($post['visible'] != -2) {@@ -86,7 +92,7 @@ // Permissions $forumpermissions = forum_permissions($fid); - if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail']))+ if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && empty($mybb->input['thumbnail']))) { error_no_permission(); }
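Review bot: The new `if(!$post)` guard in the @@ -69 hunk reports `error_invalidthread` although the lookup that failed is `get_post($pid)`, and nothing explains why it sits ahead of the permission checks. A one-line comment such as `// get_post() found no row for $pid: stop before $post['visible'] is read` would make the intent clear. The branch is also entered when `$pid` is empty and the attachment belongs to another user, so that case now ends in the invalid-thread error; whether it should instead be answered like a permission failure is worth a deliberate decision. The enclosing block continues outside the hunk.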
Vulnerability Existed: yes
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - CWE-200 - attachment.php [69-74]
Old Code:
```php
if($pid || $attachment['uid'] != $mybb->user['uid'])
{
$post = get_post($pid);
```
Fixed Code:
```php
if($pid || $attachment['uid'] != $mybb->user['uid'])
{
$post = get_post($pid);
if(!$post)
{
error($lang->error_invalidthread);
}
```
Vulnerability Existed: yes
CWE-639: Authorization Bypass Through User-Controlled Key - CWE-639 - attachment.php [86-92]
Old Code:
```php
if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail']))
```
Fixed Code:
```php
if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && empty($mybb->input['thumbnail'])))
```
--- cache/mybb_mybb_1836/calendar.php 2025-11-13 17:31:52.662658755 +0000+++ cache/mybb_mybb_1837/calendar.php 2025-11-13 17:31:34.844526990 +0000@@ -227,7 +227,7 @@ $calendar = $db->fetch_array($query); // Invalid calendar?- if(!$calendar['cid'])+ if(!$calendar) { error($lang->invalid_calendar); }@@ -780,7 +780,7 @@ $calendar = $db->fetch_array($query); // Invalid calendar?- if(!$calendar['cid'])+ if(!$calendar) { error($lang->invalid_calendar); }@@ -2300,7 +2300,7 @@ } // Invalid calendar?- if(!$calendar['cid'])+ if(!$calendar) { error($lang->invalid_calendar); }
Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - calendar.php [Lines 227, 780, 2300] [Old Code] ```php if(!$calendar['cid']) ``` [Fixed Code] ```php if(!$calendar) ``` **Explanation:** The original code only checked if the 'cid' field existed in the calendar array, which could lead to a potential security issue when the database query fails or returns no results. If the query failed, `$db->fetch_array()` could return `false` instead of an array, and accessing `$calendar['cid']` on a boolean `false` would cause a PHP warning but not trigger the error condition. This could allow the code to proceed with invalid calendar data. The fix properly checks if the query actually returned a valid result set by verifying `$calendar` itself is truthy, ensuring proper error handling when no calendar is found.
--- cache/mybb_mybb_1836/editpost.php 2025-11-13 17:31:52.666659009 +0000+++ cache/mybb_mybb_1837/editpost.php 2025-11-13 17:31:34.844526990 +0000@@ -394,7 +394,7 @@ $redirect = get_thread_link($tid); } - if($mybb->input['ajax'] == 1)+ if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1) { header("Content-type: application/json; charset={$lang->settings['charset']}"); if(is_moderator($fid, "canviewdeleted"))
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - editpost.php [394]
[Old Code]
```php
if($mybb->input['ajax'] == 1)
```
[Fixed Code]
```php
if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
```
--- cache/mybb_mybb_1836/forumdisplay.php 2025-11-13 17:31:52.667659073 +0000+++ cache/mybb_mybb_1837/forumdisplay.php 2025-11-13 17:31:34.845527053 +0000@@ -1091,7 +1091,7 @@ $thread['subject'] = $parser->parse_badwords($thread['subject']); $thread['subject'] = htmlspecialchars_uni($thread['subject']); - if($thread['icon'] > 0 && $icon_cache[$thread['icon']])+ if($thread['icon'] > 0 && isset($icon_cache[$thread['icon']])) { $icon = $icon_cache[$thread['icon']]; $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - forumdisplay.php [1094] [Old Code] `if($thread['icon'] > 0 && $icon_cache[$thread['icon']])` [Fixed Code] `if($thread['icon'] > 0 && isset($icon_cache[$thread['icon']]))`
--- cache/mybb_mybb_1836/global.php 2025-11-13 17:31:52.668659136 +0000+++ cache/mybb_mybb_1837/global.php 2025-11-13 17:31:34.846527117 +0000@@ -245,7 +245,7 @@ $query = $db->simple_select('themes', 'name, tid, properties, stylesheets, allowedgroups', $loadstyle, array('limit' => 1)); $theme = $db->fetch_array($query); - if(isset($theme['tid']) && !$load_from_forum && !is_member($theme['allowedgroups']) && $theme['allowedgroups'] != 'all')+ if($theme && !$load_from_forum && !is_member($theme['allowedgroups']) && $theme['allowedgroups'] != 'all') { if($load_from_user == 1) {@@ -1190,7 +1190,7 @@ $query = $db->simple_select('users', 'uid', $condition, array('limit' => 1)); $referrer = $db->fetch_array($query); - if(!empty($referrer) && $referrer['uid'])+ if($referrer) { my_setcookie('mybb[referrer]', $referrer['uid']); }
Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - global.php [Lines 245] Old Code: if(isset($theme['tid']) && !$load_from_forum && !is_member($theme['allowedgroups']) && $theme['allowedgroups'] != 'all') Fixed Code: if($theme && !$load_from_forum && !is_member($theme['allowedgroups']) && $theme['allowedgroups'] != 'all') Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - global.php [Lines 1190] Old Code: if(!empty($referrer) && $referrer['uid']) Fixed Code: if($referrer)
--- cache/mybb_mybb_1836/inc/class_core.php 2025-11-13 17:31:52.787666696 +0000+++ cache/mybb_mybb_1837/inc/class_core.php 2025-11-13 17:31:34.907530991 +0000@@ -14,14 +14,14 @@ * * @var string */- public $version = "1.8.36";+ public $version = "1.8.37"; /** * The version code of MyBB we're running. * * @var integer */- public $version_code = 1836;+ public $version_code = 1837; /** * The current working directory.
Vulnerability Existed: not sure CWE-Unknown - Unknown - inc/class_core.php 14,21 [Old Code] ```php public $version = "1.8.36"; public $version_code = 1836; ``` [Fixed Code] ```php public $version = "1.8.37"; public $version_code = 1837; ```
--- cache/mybb_mybb_1836/inc/class_custommoderation.php 2025-11-13 17:31:52.788666760 +0000+++ cache/mybb_mybb_1837/inc/class_custommoderation.php 2025-11-13 17:31:34.908531055 +0000@@ -34,7 +34,7 @@ // Get tool info $query = $db->simple_select("modtools", "*", 'tid='.(int)$tool_id); $tool = $db->fetch_array($query);- if(!$tool['tid'])+ if(!$tool) { return false; }@@ -59,7 +59,7 @@ // Get tool info $query = $db->simple_select("modtools", '*', 'tid='.(int)$tool_id); $tool = $db->fetch_array($query);- if(!$tool['tid'])+ if(!$tool) { return false; }
Vulnerability Existed: yes
CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - inc/class_custommoderation.php [34-59]
Old Code:
```php
$query = $db->simple_select("modtools", "*", 'tid='.(int)$tool_id);
$tool = $db->fetch_array($query);
if(!$tool['tid'])
{
return false;
}
```
Fixed Code:
```php
$query = $db->simple_select("modtools", "*", 'tid='.(int)$tool_id);
$tool = $db->fetch_array($query);
if(!$tool)
{
return false;
}
```
Vulnerability Existed: yes
CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - inc/class_custommoderation.php [59-84]
Old Code:
```php
$query = $db->simple_select("modtools", '*', 'tid='.(int)$tool_id);
$tool = $db->fetch_array($query);
if(!$tool['tid'])
{
return false;
}
```
Fixed Code:
```php
$query = $db->simple_select("modtools", '*', 'tid='.(int)$tool_id);
$tool = $db->fetch_array($query);
if(!$tool)
{
return false;
}
```
--- cache/mybb_mybb_1836/inc/class_datacache.php 2025-11-13 17:31:52.789666824 +0000+++ cache/mybb_mybb_1837/inc/class_datacache.php 2025-11-13 17:31:34.908531055 +0000@@ -190,21 +190,28 @@ $query = $db->simple_select("datacache", "title,cache", "title='".$db->escape_string($name)."'"); $cache_data = $db->fetch_array($query); - // use native_unserialize() over my_unserialize() for performance reasons- $data = native_unserialize($cache_data['cache']);+ if($cache_data)+ {+ // use native_unserialize() over my_unserialize() for performance reasons+ $data = native_unserialize($cache_data['cache']); - // Update cache for handler- get_execution_time();+ // Update cache for handler+ get_execution_time(); - $hit = $this->handler->put($name, $data);+ $hit = $this->handler->put($name, $data); - $call_time = get_execution_time();- $this->call_time += $call_time;- $this->call_count++;+ $call_time = get_execution_time();+ $this->call_time += $call_time;+ $this->call_count++; - if($mybb->debug_mode)+ if($mybb->debug_mode)+ {+ $this->debug_call('set:'.$name, $call_time, $hit);+ }+ }+ else {- $this->debug_call('set:'.$name, $call_time, $hit);+ $data = false; } } }
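Review bot: The guarded branch still passes `$cache_data['cache']` to `native_unserialize()`, and the only comment on that line explains the performance choice, not the trust assumption behind it. A short comment would help the next reader, for example `// datacache rows are expected to be written only by the application; native unserialize is acceptable only while that holds`, hedged because the writers of this table are not visible in the hunk. It is also worth confirming how callers treat the new `$data = false` for a missing row compared with a row whose payload fails to unserialize, since both presumably end up falsy. The enclosing method starts and ends outside the hunk.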
Vulnerability Existed: yes
CWE-502 Deserialization of Untrusted Data - CWE-502 - inc/class_datacache.php [190-194]
[Old Code]
$query = $db->simple_select("datacache", "title,cache", "title='".$db->escape_string($name)."'");
$cache_data = $db->fetch_array($query);
// use native_unserialize() over my_unserialize() for performance reasons
$data = native_unserialize($cache_data['cache']);
[Fixed Code]
$query = $db->simple_select("datacache", "title,cache", "title='".$db->escape_string($name)."'");
$cache_data = $db->fetch_array($query);
if($cache_data)
{
// use native_unserialize() over my_unserialize() for performance reasons
$data = native_unserialize($cache_data['cache']);
Vulnerability Existed: yes
CWE-20 Improper Input Validation - CWE-20 - inc/class_datacache.php [190-194]
[Old Code]
$query = $db->simple_select("datacache", "title,cache", "title='".$db->escape_string($name)."'");
$cache_data = $db->fetch_array($query);
// use native_unserialize() over my_unserialize() for performance reasons
$data = native_unserialize($cache_data['cache']);
[Fixed Code]
$query = $db->simple_select("datacache", "title,cache", "title='".$db->escape_string($name)."'");
$cache_data = $db->fetch_array($query);
if($cache_data)
{
// use native_unserialize() over my_unserialize() for performance reasons
$data = native_unserialize($cache_data['cache']);
--- cache/mybb_mybb_1836/inc/class_session.php 2025-11-13 17:31:52.797667332 +0000+++ cache/mybb_mybb_1837/inc/class_session.php 2025-11-13 17:31:34.911531245 +0000@@ -72,7 +72,7 @@ { $query = $db->simple_select("sessions", "*", "sid='{$sid}'"); $session = $db->fetch_array($query);- if(!empty($session) && $session['sid'])+ if($session) { $this->sid = $session['sid']; }@@ -146,7 +146,7 @@ $mybb->user = $db->fetch_array($query); // Check the password if we're not using a session- if(empty($loginkey) || $loginkey !== $mybb->user['loginkey'] || !$mybb->user['uid'])+ if(!$mybb->user || empty($loginkey) || $loginkey !== $mybb->user['loginkey']) { unset($mybb->user); $this->uid = 0;@@ -572,17 +572,14 @@ */ function get_special_locations() {- global $mybb;+ global $mybb, $db; $array = array('1' => '', '2' => ''); if(preg_match("#forumdisplay.php#", $_SERVER['PHP_SELF']) && $mybb->get_input('fid', MyBB::INPUT_INT) > 0 && $mybb->get_input('fid', MyBB::INPUT_INT) < 4294967296) { $array[1] = $mybb->get_input('fid', MyBB::INPUT_INT);- $array[2] = ''; } elseif(preg_match("#showthread.php#", $_SERVER['PHP_SELF'])) {- global $db;- if($mybb->get_input('tid', MyBB::INPUT_INT) > 0 && $mybb->get_input('tid', MyBB::INPUT_INT) < 4294967296) { $array[2] = $mybb->get_input('tid', MyBB::INPUT_INT);@@ -596,11 +593,17 @@ ); $query = $db->simple_select("posts", "tid", "pid=".$mybb->get_input('pid', MyBB::INPUT_INT), $options); $post = $db->fetch_array($query);- $array[2] = $post['tid'];+ if($post)+ {+ $array[2] = $post['tid'];+ } } $thread = get_thread($array[2]);- $array[1] = $thread['fid'];+ if($thread)+ {+ $array[1] = $thread['fid'];+ } } return $array; }
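Review bot: The login-key check in the @@ -146 hunk compares the supplied key with `$loginkey !== $mybb->user['loginkey']`, which is not a constant-time comparison for a secret value. Where the supported PHP versions allow it, that operand could become `!hash_equals((string)$mybb->user['loginkey'], (string)$loginkey)`, keeping the new `!$mybb->user` test first so a missing row is rejected before the key is read. The surrounding function is cut by the hunk, so how `$loginkey` is derived is not visible here.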
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - inc/class_session.php [Lines 590-592]
Old Code:
```php
$query = $db->simple_select("posts", "tid", "pid=".$mybb->get_input('pid', MyBB::INPUT_INT), $options);
```
Fixed Code:
```php
$query = $db->simple_select("posts", "tid", "pid=".$mybb->get_input('pid', MyBB::INPUT_INT), $options);
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - inc/class_session.php [Lines 574-575]
Old Code:
```php
if(preg_match("#forumdisplay.php#", $_SERVER['PHP_SELF']) && $mybb->get_input('fid', MyBB::INPUT_INT) > 0 && $mybb->get_input('fid', MyBB::INPUT_INT) < 4294967296)
```
Fixed Code:
```php
if(preg_match("#forumdisplay.php#", $_SERVER['PHP_SELF']) && $mybb->get_input('fid', MyBB::INPUT_INT) > 0 && $mybb->get_input('fid', MyBB::INPUT_INT) < 4294967296)
```
Vulnerability Existed: yes
CWE-754: Improper Check for Unusual or Exceptional Conditions - inc/class_session.php [Lines 72-76]
Old Code:
```php
if(!empty($session) && $session['sid'])
```
Fixed Code:
```php
if($session)
```
Vulnerability Existed: yes
CWE-754: Improper Check for Unusual or Exceptional Conditions - inc/class_session.php [Lines 146-150]
Old Code:
```php
if(empty($loginkey) || $loginkey !== $mybb->user['loginkey'] || !$mybb->user['uid'])
```
Fixed Code:
```php
if(!$mybb->user || empty($loginkey) || $loginkey !== $mybb->user['loginkey'])
```
Vulnerability Existed: yes
CWE-754: Improper Check for Unusual or Exceptional Conditions - inc/class_session.php [Lines 596-602]
Old Code:
```php
$array[2] = $post['tid'];
$thread = get_thread($array[2]);
$array[1] = $thread['fid'];
```
Fixed Code:
```php
if($post)
{
$array[2] = $post['tid'];
}
$thread = get_thread($array[2]);
if($thread)
{
$array[1] = $thread['fid'];
}
```
--- cache/mybb_mybb_1836/inc/datahandlers/pm.php 2025-11-13 17:31:52.805667840 +0000+++ cache/mybb_mybb_1837/inc/datahandlers/pm.php 2025-11-13 17:31:34.914531435 +0000@@ -583,7 +583,7 @@ $draftcheck = $db->fetch_array($query); // This PM was previously a draft- if(!empty($draftcheck['pmid']))+ if($draftcheck) { if($draftcheck['deletetime']) {
Vulnerability Existed: yes CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) - inc/datahandlers/pm.php Line 583 [Old Code] ```php $draftcheck = $db->fetch_array($query); // This PM was previously a draft if(!empty($draftcheck['pmid'])) ``` [Fixed Code] ```php $draftcheck = $db->fetch_array($query); // This PM was previously a draft if($draftcheck) ``` Vulnerability Existed: yes CWE-476 (NULL Pointer Dereference) - inc/datahandlers/pm.php Line 583 [Old Code] ```php $draftcheck = $db->fetch_array($query); // This PM was previously a draft if(!empty($draftcheck['pmid'])) ``` [Fixed Code] ```php $draftcheck = $db->fetch_array($query); // This PM was previously a draft if($draftcheck) ```
--- cache/mybb_mybb_1836/inc/datahandlers/user.php 2025-11-13 17:31:52.807667967 +0000+++ cache/mybb_mybb_1837/inc/datahandlers/user.php 2025-11-13 17:31:34.915531499 +0000@@ -633,7 +633,7 @@ { $referrer = get_user_by_username($user['referrer']); - if(empty($referrer['uid']))+ if(!$referrer) { $this->set_error('invalid_referrer', array($user['referrer'])); return false;
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE ID 20 - inc/datahandlers/user.php [Lines 633-637]
Old Code:
```php
$referrer = get_user_by_username($user['referrer']);
if(empty($referrer['uid']))
{
$this->set_error('invalid_referrer', array($user['referrer']));
return false;
```
Fixed Code:
```php
$referrer = get_user_by_username($user['referrer']);
if(!$referrer)
{
$this->set_error('invalid_referrer', array($user['referrer']));
return false;
```
--- cache/mybb_mybb_1836/inc/datahandlers/warnings.php 2025-11-13 17:31:52.807667967 +0000+++ cache/mybb_mybb_1837/inc/datahandlers/warnings.php 2025-11-13 17:31:34.915531499 +0000@@ -68,7 +68,7 @@ $user = get_user($warning['uid']); - if(!$user['uid'])+ if(!$user) { $this->set_error('error_invalid_user'); return false;@@ -100,7 +100,7 @@ $post = get_post($warning['pid']); - if(!$post['pid'])+ if(!$post) { $this->set_error('error_invalid_post'); return false;
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - inc/datahandlers/warnings.php [68-100]
Old Code:
```php
$user = get_user($warning['uid']);
if(!$user['uid'])
{
$this->set_error('error_invalid_user');
return false;
}
// ...
$post = get_post($warning['pid']);
if(!$post['pid'])
{
$this->set_error('error_invalid_post');
return false;
```
Fixed Code:
```php
$user = get_user($warning['uid']);
if(!$user)
{
$this->set_error('error_invalid_user');
return false;
}
// ...
$post = get_post($warning['pid']);
if(!$post)
{
$this->set_error('error_invalid_post');
return false;
```
--- cache/mybb_mybb_1836/inc/functions.php 2025-11-13 17:31:52.816668539 +0000+++ cache/mybb_mybb_1837/inc/functions.php 2025-11-13 17:31:34.919531753 +0000@@ -3255,32 +3255,35 @@ // Fetch above counters for this user $query = $db->simple_select("users", implode(",", $counters), "uid='{$uid}'"); $user = $db->fetch_array($query);-- foreach($counters as $counter)+ + if($user) {- if(array_key_exists($counter, $changes))+ foreach($counters as $counter) {- if(substr($changes[$counter], 0, 2) == "+-")- {- $changes[$counter] = substr($changes[$counter], 1);- }- // Adding or subtracting from previous value?- if(substr($changes[$counter], 0, 1) == "+" || substr($changes[$counter], 0, 1) == "-")+ if(array_key_exists($counter, $changes)) {- if((int)$changes[$counter] != 0)+ if(substr($changes[$counter], 0, 2) == "+-") {- $update_query[$counter] = $user[$counter] + $changes[$counter];+ $changes[$counter] = substr($changes[$counter], 1);+ }+ // Adding or subtracting from previous value?+ if(substr($changes[$counter], 0, 1) == "+" || substr($changes[$counter], 0, 1) == "-")+ {+ if((int)$changes[$counter] != 0)+ {+ $update_query[$counter] = $user[$counter] + $changes[$counter];+ }+ }+ else+ {+ $update_query[$counter] = $changes[$counter]; }- }- else- {- $update_query[$counter] = $changes[$counter];- } - // Less than 0? That's bad- if(isset($update_query[$counter]) && $update_query[$counter] < 0)- {- $update_query[$counter] = 0;+ // Less than 0? 
That's bad+ if(isset($update_query[$counter]) && $update_query[$counter] < 0)+ {+ $update_query[$counter] = 0;+ } } } }@@ -3903,7 +3906,7 @@ $query = $db->simple_select("threadsubscriptions", "tid, notification", "tid='".(int)$tid."' AND uid='".$mybb->user['uid']."'", array('limit' => 1)); $subscription = $db->fetch_array($query); - if(!empty($subscription) && $subscription['tid'])+ if($subscription) { $subscription_method = (int)$subscription['notification'] + 1; }@@ -7045,13 +7048,13 @@ "~" ); $terms = str_replace($bad_characters, '', $terms);+ $words = array(); // Check if this is a "series of words" - should be treated as an EXACT match if(my_strpos($terms, "\"") !== false) { $inquote = false; $terms = explode("\"", $terms);- $words = array(); foreach($terms as $phrase) { $phrase = htmlspecialchars_uni($phrase);@@ -7099,15 +7102,12 @@ } } - if(!is_array($words))- {- return false;- }- // Sort the word array by length. Largest terms go first and work their way down to the smallest term. // This resolves problems like "test tes" where "tes" will be highlighted first, then "test" can't be highlighted because of the changed html usort($words, 'build_highlight_array_sort'); + $highlight_cache = array();+ // Loop through our words to build the PREG compatible strings foreach($words as $word) {
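Review bot: In the @@ -3903 hunk the subscription query casts `$tid` with `(int)` but interpolates `$mybb->user['uid']` as-is on the same line. The value presumably comes from the session's user row and is numeric in practice, yet an explicit `uid='".(int)$mybb->user['uid']."'` would make the condition safe by construction and match the treatment of `$tid`. The function body starts and ends outside the hunk.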
Vulnerability Existed: yes
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) - CWE-89 - inc/functions.php [3255-3290]
Old Code:
```php
// Fetch above counters for this user
$query = $db->simple_select("users", implode(",", $counters), "uid='{$uid}'");
$user = $db->fetch_array($query);
```
Fixed Code:
```php
// Fetch above counters for this user
$query = $db->simple_select("users", implode(",", $counters), "uid='{$uid}'");
$user = $db->fetch_array($query);
if($user)
{
```
Vulnerability Existed: yes
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) - CWE-89 - inc/functions.php [3903-3909]
Old Code:
```php
$query = $db->simple_select("threadsubscriptions", "tid, notification", "tid='".(int)$tid."' AND uid='".$mybb->user['uid']."'", array('limit' => 1));
$subscription = $db->fetch_array($query);
if(!empty($subscription) && $subscription['tid'])
```
Fixed Code:
```php
$query = $db->simple_select("threadsubscriptions", "tid, notification", "tid='".(int)$tid."' AND uid='".$mybb->user['uid']."'", array('limit' => 1));
$subscription = $db->fetch_array($query);
if($subscription)
```
Vulnerability Existed: not sure
CWE-200 (Information Exposure) - CWE-200 - inc/functions.php [7045-7110]
Old Code:
```php
$terms = str_replace($bad_characters, '', $terms);
// Check if this is a "series of words" - should be treated as an EXACT match
if(my_strpos($terms, "\"") !== false)
{
$inquote = false;
$terms = explode("\"", $terms);
$words = array();
```
Fixed Code:
```php
$terms = str_replace($bad_characters, '', $terms);
$words = array();
// Check if this is a "series of words" - should be treated as an EXACT match
if(my_strpos($terms, "\"") !== false)
{
$inquote = false;
$terms = explode("\"", $terms);
```
--- cache/mybb_mybb_1836/inc/functions_online.php 2025-11-13 17:31:52.822668920 +0000+++ cache/mybb_mybb_1837/inc/functions_online.php 2025-11-13 17:31:34.921531880 +0000@@ -33,7 +33,7 @@ $filename = my_substr($split_loc[0], -my_strpos(strrev($split_loc[0]), "/")); } $parameters = array();- if($split_loc[1])+ if(isset($split_loc[1])) { $temp = explode("&", my_substr($split_loc[1], 1)); foreach($temp as $param)@@ -352,7 +352,7 @@ } } - if(!$user_activity['activity'])+ if(empty($user_activity['activity'])) { $user_activity['activity'] = "showresults"; }
Vulnerability Existed: yes CWE-476: NULL Pointer Dereference - inc/functions_online.php [Line 36] Old Code: ```php if($split_loc[1]) ``` Fixed Code: ```php if(isset($split_loc[1])) ``` Vulnerability Existed: yes CWE-476: NULL Pointer Dereference - inc/functions_online.php [Line 355] Old Code: ```php if(!$user_activity['activity']) ``` Fixed Code: ```php if(empty($user_activity['activity'])) ```
--- cache/mybb_mybb_1836/inc/functions_post.php 2025-11-13 17:31:52.823668984 +0000+++ cache/mybb_mybb_1837/inc/functions_post.php 2025-11-13 17:31:34.921531880 +0000@@ -358,7 +358,7 @@ $post['button_rep'] = ''; if($post_type != 3 && $mybb->settings['enablereputation'] == 1 && $mybb->settings['postrep'] == 1 && $mybb->usergroup['cangivereputations'] == 1 && $usergroup['usereputationsystem'] == 1 && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep']) && $post['uid'] != $mybb->user['uid'] && (!isset($post['visible']) || $post['visible'] == 1) && (!isset($thread['visible']) || $thread['visible'] == 1)) {- if(!$post['pid'])+ if(empty($post['pid'])) { $post['pid'] = 0; }@@ -784,6 +784,7 @@ $post['poststatus'] = ''; if(!$post_type && $post['visible'] != 1) {+ $status_type = ''; if(is_moderator($fid, "canviewdeleted") && $postcounter != 1 && $post['visible'] == -1) { $status_type = $lang->postbit_post_deleted;@@ -997,7 +998,7 @@ if(!$attachment['dateuploaded']) {- $attachment['dateuploaded'] = $attachment['dateline'];+ $attachment['dateuploaded'] = $post['dateline']; } $attachdate = my_date('normal', $attachment['dateuploaded']); // Support for [attachment=id] code@@ -1030,7 +1031,7 @@ eval("\$post['thumblist'] .= \"".$templates->get("postbit_attachments_thumbnails_thumbnail")."\";"); if($tcount == 5) {- $thumblist .= "<br />";+ $post['thumblist'] .= "<br />"; $tcount = 0; } ++$tcount;@@ -1046,7 +1047,7 @@ eval("\$post['thumblist'] .= \"".$templates->get("postbit_attachments_thumbnails_thumbnail")."\";"); if($tcount == 5) {- $thumblist .= "<br />";+ $post['thumblist'] .= "<br />"; $tcount = 0; } ++$tcount;
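Review bot: In the `@@ -997` hunk the guard `if(!$attachment['dateuploaded'])` is still a bare index read, while this commit moves neighbouring checks to `empty()` (for example `if(empty($post['pid']))` in the first hunk); `if(empty($attachment['dateuploaded']))` behaves the same and stays quiet when the key is absent. The fallback now reads `$post['dateline']`, and nothing in the hunk shows that key is always set for the post being rendered, so a short comment saying why the post's date is the right substitute would help. The enclosing function starts and ends outside the hunk.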
Vulnerability Existed: yes
CWE-639: Authorization Bypass Through User-Controlled Key - inc/functions_post.php [787]
Old Code:
if(is_moderator($fid, "canviewdeleted") && $postcounter != 1 && $post['visible'] == -1)
Fixed Code:
if(is_moderator($fid, "canviewdeleted") && $postcounter != 1 && $post['visible'] == -1)
Vulnerability Existed: yes
CWE-20: Improper Input Validation - inc/functions_post.php [360]
Old Code:
if(!$post['pid'])
Fixed Code:
if(empty($post['pid']))
Vulnerability Existed: yes
CWE-20: Improper Input Validation - inc/functions_post.php [1000]
Old Code:
$attachment['dateuploaded'] = $attachment['dateline'];
Fixed Code:
$attachment['dateuploaded'] = $post['dateline'];
Vulnerability Existed: yes
CWE-20: Improper Input Validation - inc/functions_post.php [1033,1049]
Old Code:
$thumblist .= "<br />";
Fixed Code:
$post['thumblist'] .= "<br />";
--- cache/mybb_mybb_1836/inc/functions_search.php 2025-11-13 17:31:52.826669174 +0000+++ cache/mybb_mybb_1837/inc/functions_search.php 2025-11-13 17:31:34.921531880 +0000@@ -355,6 +355,7 @@ // Brace depth $depth = 0; $phrase_operator = '+';+ $inquote = false; foreach($keywords as $phrase) { $phrase = trim($phrase);@@ -1238,7 +1239,7 @@ $thread_prefixcut = ''; $prefixlist = array();- if($search['threadprefix'] && $search['threadprefix'][0] != 'any')+ if(!empty($search['threadprefix']) && $search['threadprefix'][0] != 'any') { foreach($search['threadprefix'] as $threadprefix) {@@ -1526,7 +1527,7 @@ } $post_usersql = ''; $thread_usersql = '';- if($search['author'])+ if(!empty($search['author'])) { $userids = array(); $search['author'] = my_strtolower($search['author']);@@ -1560,7 +1561,7 @@ } } $datecut = $thread_datecut = $post_datecut = '';- if($search['postdate'])+ if(!empty($search['postdate'])) { if($search['pddir'] == 0) {@@ -1578,7 +1579,7 @@ } $thread_replycut = '';- if($search['numreplies'] != '' && $search['findthreadst'])+ if(!empty($search['numreplies']) && $search['findthreadst']) { if((int)$search['findthreadst'] == 1) {@@ -1592,7 +1593,7 @@ $thread_prefixcut = ''; $prefixlist = array();- if($search['threadprefix'] && $search['threadprefix'][0] != 'any')+ if(!empty($search['threadprefix']) && $search['threadprefix'][0] != 'any') { foreach($search['threadprefix'] as $threadprefix) {
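Review bot: The `@@ -1578` hunk changes behaviour, not just warnings: `!empty($search['numreplies'])` is false for the string `'0'`, which the old `$search['numreplies'] != ''` test accepted, so a reply-count filter of zero is now silently skipped. `if(isset($search['numreplies']) && $search['numreplies'] != '' && $search['findthreadst'])` keeps the old meaning while still avoiding the undefined-index read. `$search['findthreadst']` on the same line is also read without a guard. The enclosing function starts and ends outside the hunk.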
Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - inc/functions_search.php [Lines 1241, 1562, 1574, 1582, 1595] [Old Code] if($search['threadprefix'] && $search['threadprefix'][0] != 'any') [Fixed Code] if(!empty($search['threadprefix']) && $search['threadprefix'][0] != 'any') Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - inc/functions_search.php [Lines 1241, 1562, 1574, 1582, 1595] [Old Code] if($search['author']) [Fixed Code] if(!empty($search['author'])) Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - inc/functions_search.php [Lines 1241, 1562, 1574, 1582, 1595] [Old Code] if($search['postdate']) [Fixed Code] if(!empty($search['postdate'])) Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - inc/functions_search.php [Lines 1241, 1562, 1574, 1582, 1595] [Old Code] if($search['numreplies'] != '' && $search['findthreadst']) [Fixed Code] if(!empty($search['numreplies']) && $search['findthreadst'])
--- cache/mybb_mybb_1836/inc/functions_task.php 2025-11-13 17:31:52.827669238 +0000+++ cache/mybb_mybb_1837/inc/functions_task.php 2025-11-13 17:31:34.922531944 +0000@@ -33,7 +33,7 @@ } // No task? Return- if(empty($task['tid']))+ if(!$task) { $cache->update_tasks(); return false;
Vulnerability Existed: not sure
CWE-754: Improper Check for Unusual or Exceptional Conditions - inc/functions_task.php [33-36]
[Old Code]
```php
if(empty($task['tid']))
{
$cache->update_tasks();
return false;
```
[Fixed Code]
```php
if(!$task)
{
$cache->update_tasks();
return false;
```
--- cache/mybb_mybb_1836/inc/functions_upload.php 2025-11-13 17:31:52.828669301 +0000+++ cache/mybb_mybb_1837/inc/functions_upload.php 2025-11-13 17:31:34.922531944 +0000@@ -467,7 +467,7 @@ } $query = $db->simple_select("attachments", "*", "filename='".$db->escape_string($attachment['name'])."' AND ".$uploaded_query); $prevattach = $db->fetch_array($query);- if(!empty($prevattach) && $prevattach['aid'] && $update_attachment == false)+ if($prevattach && $update_attachment == false) { if(!$mybb->usergroup['caneditattachments'] && !$forumpermissions['caneditattachments']) {@@ -644,7 +644,7 @@ $attacharray = $plugins->run_hooks("upload_attachment_do_insert", $attacharray); - if(!empty($prevattach) && $prevattach['aid'] && $update_attachment == true)+ if($prevattach && $update_attachment == true) { unset($attacharray['downloads']); // Keep our download count if we're updating an attachment $db->update_query("attachments", $attacharray, "aid='".$db->escape_string($prevattach['aid'])."'");
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - inc/functions_upload.php [467, 644]
Old Code:
```php
if(!empty($prevattach) && $prevattach['aid'] && $update_attachment == false)
```
Fixed Code:
```php
if($prevattach && $update_attachment == false)
```
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - inc/functions_upload.php [467, 644]
Old Code:
```php
if(!empty($prevattach) && $prevattach['aid'] && $update_attachment == true)
```
Fixed Code:
```php
if($prevattach && $update_attachment == true)
```
--- cache/mybb_mybb_1836/inc/functions_user.php 2025-11-13 17:31:52.829669365 +0000+++ cache/mybb_mybb_1837/inc/functions_user.php 2025-11-13 17:31:34.922531944 +0000@@ -62,7 +62,7 @@ $user = get_user_by_username($username, $options); - if(!$user['uid'])+ if(!$user) { return false; }@@ -327,7 +327,7 @@ $query = $db->simple_select("threadsubscriptions", "*", "tid='".(int)$tid."' AND uid='".(int)$uid."'"); $subscription = $db->fetch_array($query);- if(empty($subscription) || !$subscription['tid'])+ if(!$subscription) { $insert_array = array( 'uid' => (int)$uid,@@ -401,7 +401,7 @@ $query = $db->simple_select("forumsubscriptions", "*", "fid='".$fid."' AND uid='{$uid}'", array('limit' => 1)); $fsubscription = $db->fetch_array($query);- if(empty($fsubscription) || !$fsubscription['fid'])+ if(!$fsubscription) { $insert_array = array( 'fid' => $fid,
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - inc/functions_user.php [327, 401]
Old Code:
```php
$query = $db->simple_select("threadsubscriptions", "*", "tid='".(int)$tid."' AND uid='".(int)$uid."'");
...
$query = $db->simple_select("forumsubscriptions", "*", "fid='".$fid."' AND uid='{$uid}'", array('limit' => 1));
```
Fixed Code:
```php
$query = $db->simple_select("threadsubscriptions", "*", "tid='".(int)$tid."' AND uid='".(int)$uid."'");
...
$query = $db->simple_select("forumsubscriptions", "*", "fid='".$fid."' AND uid='{$uid}'", array('limit' => 1));
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - inc/functions_user.php [62, 327, 401]
Old Code:
```php
if(!$user['uid'])
...
if(empty($subscription) || !$subscription['tid'])
...
if(empty($fsubscription) || !$fsubscription['fid'])
```
Fixed Code:
```php
if(!$user)
...
if(!$subscription)
...
if(!$fsubscription)
```
--- cache/mybb_mybb_1836/inc/languages/english.php 2025-11-13 17:31:52.831669492 +0000+++ cache/mybb_mybb_1837/inc/languages/english.php 2025-11-13 17:31:34.923532007 +0000@@ -27,7 +27,7 @@ //$langinfo['additional_name'] = " "; // Compatible version of MyBB-$langinfo['version'] = "1835";+$langinfo['version'] = "1837"; // Sets if the translation includes the Admin CP (1 = yes, 0 = no) $langinfo['admin'] = 1;
**Analysis:** The provided diff shows a change in the language file version number from "1835" to "1837". This appears to be a routine version update rather than a security fix. No actual security vulnerability patching is evident in this specific code change. **Answer:** Vulnerability Existed: no No specific vulnerability - N/A - inc/languages/english.php Lines 27-27 Old Code: `$langinfo['version'] = "1835";` Fixed Code: `$langinfo['version'] = "1837";`
--- cache/mybb_mybb_1836/inc/languages/english/admin/user_mass_mail.lang.php 2025-11-13 17:31:52.869671906 +0000+++ cache/mybb_mybb_1837/inc/languages/english/admin/user_mass_mail.lang.php 2025-11-13 17:31:34.933532642 +0000@@ -61,6 +61,7 @@ $l['user_last_active'] = "User was Last Active"; $l['user_registered'] = "User Registered"; $l['save_mass_mail'] = "Save Mass Mail";+$l['additional_user_groups_desc'] = "Use CTRL to select multiple groups"; $l['step_four'] = "Step 4"; $l['delivery_method'] = "Delivery Method";
Vulnerability Existed: not sure CWE-200: Information Exposure - inc/languages/english/admin/user_mass_mail.lang.php Line 64 Old Code: ```php $l['save_mass_mail'] = "Save Mass Mail"; ``` Fixed Code: ```php $l['save_mass_mail'] = "Save Mass Mail"; $l['additional_user_groups_desc'] = "Use CTRL to select multiple groups"; ``` Note: This appears to be a UI/UX improvement rather than a clear security fix. The addition provides better guidance for multi-select functionality, which could indirectly prevent user errors but doesn't directly address a known vulnerability.
--- cache/mybb_mybb_1836/inc/mailhandlers/php.php 2025-11-13 17:31:52.920675146 +0000+++ cache/mybb_mybb_1837/inc/mailhandlers/php.php 2025-11-13 17:31:34.946533468 +0000@@ -36,6 +36,7 @@ global $lang, $mybb; // For some reason sendmail/qmail doesn't like \r\n+ /* $this->sendmail = @ini_get('sendmail_path'); if($this->sendmail) {@@ -43,6 +44,7 @@ $this->message = str_replace("\r\n", "\n", $this->message); $this->delimiter = "\n"; }+ */ // Some mail providers ignore email's with incorrect return-to path's so try and fix that here $this->sendmail_from = @ini_get('sendmail_from');
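Review bot: The sendmail line-ending handling is disabled by wrapping it in `/* … */` rather than being removed, and the surviving comment `// For some reason sendmail/qmail doesn't like \r\n` now describes code that no longer runs. Either delete the block, or replace the comment with one that records why the conversion was switched off, e.g. `// \r\n to \n conversion for sendmail disabled: <reason / issue reference>`. Both hunks belong to one method whose start and end are outside the diff.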
Vulnerability Existed: not sure
CWE-Unknown - Unknown - inc/mailhandlers/php.php [Lines 36-44]
[Old Code]
```php
// For some reason sendmail/qmail doesn't like \r\n
$this->sendmail = @ini_get('sendmail_path');
if($this->sendmail)
{
$this->message = str_replace("\r\n", "\n", $this->message);
$this->delimiter = "\n";
}
```
[Fixed Code]
```php
// For some reason sendmail/qmail doesn't like \r\n
/*
$this->sendmail = @ini_get('sendmail_path');
if($this->sendmail)
{
$this->message = str_replace("\r\n", "\n", $this->message);
$this->delimiter = "\n";
}
*/
```
--- cache/mybb_mybb_1836/inc/mailhandlers/smtp.php 2025-11-13 17:31:52.921675210 +0000+++ cache/mybb_mybb_1837/inc/mailhandlers/smtp.php 2025-11-13 17:31:34.946533468 +0000@@ -314,7 +314,16 @@ $this->fatal_error("The server did not understand the STARTTLS command. Reason: ".$this->get_error()); return false; }- if(!@stream_socket_enable_crypto($this->connection, true, STREAM_CRYPTO_METHOD_TLS_CLIENT))++ $crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;+ // Fix for PHP >=5.6.7 and <7.2 not including TLS 1.1 and 1.2+ if(defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT'))+ {+ $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;+ $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;+ }++ if(!@stream_socket_enable_crypto($this->connection, true, $crypto_method)) { $this->fatal_error("Failed to start TLS encryption"); return false;
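Review bot: `$crypto_method` starts from `STREAM_CRYPTO_METHOD_TLS_CLIENT` and only ORs in the 1.1 and 1.2 constants, so TLS 1.0 stays enabled in the mask; if that is kept for compatibility with old mail servers the comment should say so, otherwise the mask can be built from the versioned constants alone. The `@` on `stream_socket_enable_crypto()` discards the handshake warning, so `"Failed to start TLS encryption"` reaches the administrator with no cause attached, unlike the STARTTLS error above it, which appends `$this->get_error()`. The enclosing method starts and ends outside the hunk.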
Vulnerability Existed: yes
CWE-319: Cleartext Transmission of Sensitive Information - inc/mailhandlers/smtp.php [Lines 314-327]
[Old Code]
```php
if(!@stream_socket_enable_crypto($this->connection, true, STREAM_CRYPTO_METHOD_TLS_CLIENT))
```
[Fixed Code]
```php
$crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
// Fix for PHP >=5.6.7 and <7.2 not including TLS 1.1 and 1.2
if(defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT'))
{
$crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
$crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
}
if(!@stream_socket_enable_crypto($this->connection, true, $crypto_method))
```
--- cache/mybb_mybb_1836/inc/tasks/delayedmoderation.php 2025-11-13 17:31:52.927675591 +0000+++ cache/mybb_mybb_1837/inc/tasks/delayedmoderation.php 2025-11-13 17:31:34.946533468 +0000@@ -167,7 +167,7 @@ $mergetid = (int)$mergetid; $mergethread = get_thread($mergetid); - if(!$mergethread['tid'])+ if(!$mergethread) { continue 2; }
Vulnerability Existed: yes CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE 754 - inc/tasks/delayedmoderation.php [167] [Old Code] ```php if(!$mergethread['tid']) ``` [Fixed Code] ```php if(!$mergethread) ```
--- cache/mybb_mybb_1836/install/resources/mybb_theme.xml 2025-11-13 17:31:52.953677243 +0000+++ cache/mybb_mybb_1837/install/resources/mybb_theme.xml 2025-11-13 17:31:34.954533976 +0000@@ -1,5 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?>-<theme name="MyBB Master Style" version="1834">+<theme name="MyBB Master Style" version="1837"> <properties> <templateset><![CDATA[1]]></templateset> <imgdir><![CDATA[images]]></imgdir>@@ -14159,9 +14159,9 @@ <td class="trow1" width="20%"><strong>{$lang->username}</strong></td> <td class="trow1">{$mybb->user['username']} <span class="smalltext">[<strong><a href="member.php?action=logout&logoutkey={$mybb->user['logoutkey']}">{$lang->change_user}</a></strong>]</span></td> </tr>]]></template>- <template name="codebuttons" version="1832"><![CDATA[<link rel="stylesheet" href="{$mybb->asset_url}/jscripts/sceditor/themes/{$theme['editortheme']}" type="text/css" media="all" />+ <template name="codebuttons" version="1837"><![CDATA[<link rel="stylesheet" href="{$mybb->asset_url}/jscripts/sceditor/themes/{$theme['editortheme']}" type="text/css" media="all" /> <script type="text/javascript" src="{$mybb->asset_url}/jscripts/sceditor/jquery.sceditor.bbcode.min.js?ver=1832"></script>-<script type="text/javascript" src="{$mybb->asset_url}/jscripts/bbcodes_sceditor.js?ver=1832"></script>+<script type="text/javascript" src="{$mybb->asset_url}/jscripts/bbcodes_sceditor.js?ver=1837"></script> <script type="text/javascript" src="{$mybb->asset_url}/jscripts/sceditor/plugins/undo.js?ver=1832"></script> <script type="text/javascript"> var partialmode = {$mybb->settings['partialmode']},
Vulnerability Existed: not sure
CWE-829: Inclusion of Functionality from Untrusted Control Sphere - File: install/resources/mybb_theme.xml Lines: 14162
Old Code: `<script type="text/javascript" src="{$mybb->asset_url}/jscripts/bbcodes_sceditor.js?ver=1832"></script>`
Fixed Code: `<script type="text/javascript" src="{$mybb->asset_url}/jscripts/bbcodes_sceditor.js?ver=1837"></script>`
Vulnerability Existed: not sure
CWE-829: Inclusion of Functionality from Untrusted Control Sphere - File: install/resources/mybb_theme.xml Lines: 14161
Old Code: `<script type="text/javascript" src="{$mybb->asset_url}/jscripts/sceditor/jquery.sceditor.bbcode.min.js?ver=1832"></script>`
Fixed Code: `<script type="text/javascript" src="{$mybb->asset_url}/jscripts/sceditor/jquery.sceditor.bbcode.min.js?ver=1832"></script>`
Note: The diff shows version number updates in cache-busting parameters (?ver=) and theme version. While this could indicate updated JavaScript files that fix security issues, without seeing the actual JavaScript changes, I cannot confirm specific vulnerabilities. The version updates suggest potential security improvements in the referenced scripts.
--- /dev/null+++ cache/mybb_mybb_1837/install/resources/upgrade58.php@@ -0,0 +1,21 @@+<?php+/**+ * MyBB 1.8+ * Copyright 2014 MyBB Group, All Rights Reserved+ *+ * Website: http://www.mybb.com+ * License: http://www.mybb.com/about/license+ *+ */++/**+ * Upgrade Script: 1.8.34, 1.8.35 or 1.8.36+ */++$upgrade_detail = array(+ "revert_all_templates" => 0,+ "revert_all_themes" => 0,+ "revert_all_settings" => 0+);++/* Nothing to do for 1.8.34, 1.8.35 or 1.8.36 */
Based on the provided code diff, I cannot identify any specific security vulnerabilities that were fixed. The diff shows a new file being added rather than modifications to existing code.
Vulnerability Existed: no
No specific vulnerability - N/A - install/resources/upgrade58.php Lines 1-21
[Old Code]
File did not exist previously
[Fixed Code]
<?php
/**
* MyBB 1.8
* Copyright 2014 MyBB Group, All Rights Reserved
*
* Website: http://www.mybb.com
* License: http://www.mybb.com/about/license
*
*/
/**
* Upgrade Script: 1.8.34, 1.8.35 or 1.8.36
*/
$upgrade_detail = array(
"revert_all_templates" => 0,
"revert_all_themes" => 0,
"revert_all_settings" => 0
);
/* Nothing to do for 1.8.34, 1.8.35 or 1.8.36 */
This appears to be a routine upgrade script addition that doesn't perform any actual changes (as noted in the comment "Nothing to do"), suggesting it might be a placeholder or administrative update rather than a security fix.
--- cache/mybb_mybb_1836/install/upgrade.php 2025-11-13 17:31:53.016681245 +0000+++ cache/mybb_mybb_1837/install/upgrade.php 2025-11-13 17:31:34.983535818 +0000@@ -200,14 +200,14 @@ ); $user = get_user_by_username($mybb->get_input('username'), $options); - if(!$user['uid'])+ if(!$user) { $output->print_error("The username you have entered appears to be invalid."); } else { $user = validate_password_from_uid($user['uid'], $mybb->get_input('password'), $user);- if(!$user['uid'])+ if(!$user) { $output->print_error("The password you entered is incorrect. If you have forgotten your password, click <a href=\"../member.php?action=lostpw\">here</a>. Otherwise, go back and try again."); }@@ -530,7 +530,7 @@ $time = TIME_NOW; $query = $db->simple_select("templates", "tid", "sid='-2' AND title='".$db->escape_string($templatename)."'"); $oldtemp = $db->fetch_array($query);- if($oldtemp['tid'])+ if($oldtemp) { $update_array = array( 'template' => $templatevalue,
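Review bot: The login check in the `@@ -200` hunk answers with different messages for an unknown username (`"The username you have entered appears to be invalid."`) and for a wrong password, which lets an unauthenticated visitor of the upgrade script learn which usernames exist. Using one message for both branches, such as `"The username or password you entered is incorrect."`, removes that signal. Nothing in the hunk shows a limit on failed attempts; if one exists it is outside the visible lines.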
Vulnerability Existed: yes
CWE-287: Improper Authentication - install/upgrade.php [200-218]
[Old Code]
```php
$user = get_user_by_username($mybb->get_input('username'), $options);
if(!$user['uid'])
{
$output->print_error("The username you have entered appears to be invalid.");
}
else
{
$user = validate_password_from_uid($user['uid'], $mybb->get_input('password'), $user);
if(!$user['uid'])
{
$output->print_error("The password you entered is incorrect. If you have forgotten your password, click <a href=\"../member.php?action=lostpw\">here</a>. Otherwise, go back and try again.");
}
```
[Fixed Code]
```php
$user = get_user_by_username($mybb->get_input('username'), $options);
if(!$user)
{
$output->print_error("The username you have entered appears to be invalid.");
}
else
{
$user = validate_password_from_uid($user['uid'], $mybb->get_input('password'), $user);
if(!$user)
{
$output->print_error("The password you entered is incorrect. If you have forgotten your password, click <a href=\"../member.php?action=lostpw\">here</a>. Otherwise, go back and try again.");
}
```
Vulnerability Existed: yes
CWE-200 Information Exposure - CWE-200 - install/upgrade.php [530-538]
[Old Code]
```php
$query = $db->simple_select("templates", "tid", "sid='-2' AND title='".$db->escape_string($templatename)."'");
$oldtemp = $db->fetch_array($query);
if($oldtemp['tid'])
{
$update_array = array(
'template' => $templatevalue,
```
[Fixed Code]
```php
$query = $db->simple_select("templates", "tid", "sid='-2' AND title='".$db->escape_string($templatename)."'");
$oldtemp = $db->fetch_array($query);
if($oldtemp)
{
$update_array = array(
'template' => $templatevalue,
```
--- cache/mybb_mybb_1836/jscripts/bbcodes_sceditor.js 2025-11-13 17:31:53.018681372 +0000+++ cache/mybb_mybb_1837/jscripts/bbcodes_sceditor.js 2025-11-13 17:31:34.984535881 +0000@@ -181,7 +181,7 @@ units = "", parsed = parseInt(attrs.defaultattr, 10); if (!isNaN(parsed)) {- size = attrs.defaultattr;+ size = parsed; if (size < 1) { size = 1; } else if (size > 50) {
Vulnerability Existed: yes CWE-20 - Improper Input Validation - jscripts/bbcodes_sceditor.js [Lines 181-187] Old Code: ```javascript size = attrs.defaultattr; ``` Fixed Code: ```javascript size = parsed; ```
--- cache/mybb_mybb_1836/managegroup.php 2025-11-13 17:31:53.062684168 +0000+++ cache/mybb_mybb_1837/managegroup.php 2025-11-13 17:31:35.026538549 +0000@@ -40,7 +40,7 @@ $query = $db->simple_select("groupleaders", "*", "uid='{$mybb->user['uid']}' AND gid='{$gid}'"); $groupleader = $db->fetch_array($query); -if(!$groupleader['uid'] && $mybb->usergroup['cancp'] != 1)+if(!$groupleader && $mybb->usergroup['cancp'] != 1) { error($lang->not_leader_of_this_group); }@@ -63,7 +63,7 @@ $user = get_user_by_username($mybb->get_input('username'), $options); - if($user['uid'])+ if($user) { $additionalgroups = explode(',', $user['additionalgroups']); if($user['usergroup'] != $gid && !in_array($gid, $additionalgroups))@@ -101,14 +101,14 @@ $user = get_user_by_username($mybb->get_input('inviteusername'), $options); - if($user['uid'])+ if($user) { $additionalgroups = explode(',', $user['additionalgroups']); if($user['usergroup'] != $gid && !in_array($gid, $additionalgroups)) { $query = $db->simple_select("joinrequests", "rid", "uid = '".(int)$user['uid']."' AND gid = '".(int)$gid."'", array("limit" => 1)); $pendinginvite = $db->fetch_array($query);- if($pendinginvite['rid'])+ if($pendinginvite) { error($lang->error_alreadyinvited); }
Vulnerability Existed: yes CWE-639: Authorization Bypass Through User-Controlled Key - managegroup.php [40-40] Old Code: ```php if(!$groupleader['uid'] && $mybb->usergroup['cancp'] != 1) ``` Fixed Code: ```php if(!$groupleader && $mybb->usergroup['cancp'] != 1) ``` Vulnerability Existed: yes CWE-639: Authorization Bypass Through User-Controlled Key - managegroup.php [63-63] Old Code: ```php if($user['uid']) ``` Fixed Code: ```php if($user) ``` Vulnerability Existed: yes CWE-639: Authorization Bypass Through User-Controlled Key - managegroup.php [101-101] Old Code: ```php if($user['uid']) ``` Fixed Code: ```php if($user) ``` Vulnerability Existed: yes CWE-639: Authorization Bypass Through User-Controlled Key - managegroup.php [108-108] Old Code: ```php if($pendinginvite['rid']) ``` Fixed Code: ```php if($pendinginvite) ```
--- cache/mybb_mybb_1836/member.php 2025-11-13 17:31:53.063684231 +0000+++ cache/mybb_mybb_1837/member.php 2025-11-13 17:31:35.027538612 +0000@@ -849,7 +849,7 @@ elseif(!empty($referrername)) { $ref = get_user_by_username($referrername);- if(!$ref['uid'])+ if(!$ref) { $errors[] = $lang->error_badreferrer; }@@ -1277,7 +1277,7 @@ { $query = $db->simple_select("awaitingactivation", "*", "uid='".$user['uid']."' AND (type='r' OR type='e' OR type='b')"); $activation = $db->fetch_array($query);- if(!$activation['uid'])+ if(!$activation) { error($lang->error_alreadyactivated); }@@ -1456,7 +1456,7 @@ $query = $db->simple_select("awaitingactivation", "*", "uid='".$mybb->user['uid']."' AND type='b'"); $activation = $db->fetch_array($query); - if($activation['validated'] == 1)+ if($activation && $activation['validated'] == 1) { error($lang->error_activated_by_admin); }
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - member.php [849, 1277, 1456]
Old Code:
```php
$ref = get_user_by_username($referrername);
if(!$ref['uid'])
```
Fixed Code:
```php
$ref = get_user_by_username($referrername);
if(!$ref)
```
Vulnerability Existed: yes
CWE-476: NULL Pointer Dereference - member.php [1277, 1456]
Old Code:
```php
$activation = $db->fetch_array($query);
if(!$activation['uid'])
```
Fixed Code:
```php
$activation = $db->fetch_array($query);
if(!$activation)
```
Vulnerability Existed: yes
CWE-476: NULL Pointer Dereference - member.php [1456]
Old Code:
```php
if($activation['validated'] == 1)
```
Fixed Code:
```php
if($activation && $activation['validated'] == 1)
```
--- cache/mybb_mybb_1836/memberlist.php 2025-11-13 17:31:53.064684295 +0000+++ cache/mybb_mybb_1837/memberlist.php 2025-11-13 17:31:35.028538676 +0000@@ -359,6 +359,8 @@ $sort = htmlspecialchars_uni($mybb->input['sort']); eval("\$orderarrow['{$sort}'] = \"".$templates->get("memberlist_orderarrow")."\";"); + $referral_header = '';+ // Referral? if($mybb->settings['usereferrals'] == 1) {@@ -417,6 +419,8 @@ $usergroup = array_merge($usergroup, $display_group); } + $referral_bit = '';+ // Build referral? if($mybb->settings['usereferrals'] == 1) {
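Review bot: In the `@@ -359` hunk `$sort` is interpolated into the string passed to `eval()` on the context line above the new `$referral_header = '';`, and `htmlspecialchars_uni()` is an HTML encoder, not a guard for PHP source context. Whether `$mybb->input['sort']` is restricted to a fixed set of values is decided outside this hunk and should be confirmed. Independently of that, the key can be kept out of the evaluated string: `eval("\$arrow = \"".$templates->get("memberlist_orderarrow")."\";");` followed by `$orderarrow[$sort] = $arrow;`.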
Vulnerability Existed: yes
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - memberlist.php [Lines 359]
[Old Code]
```php
$sort = htmlspecialchars_uni($mybb->input['sort']);
eval("\$orderarrow['{$sort}'] = \"".$templates->get("memberlist_orderarrow")."\";");
```
[Fixed Code]
```php
$sort = htmlspecialchars_uni($mybb->input['sort']);
eval("\$orderarrow['{$sort}'] = \"".$templates->get("memberlist_orderarrow")."\";");
$referral_header = '';
```
Vulnerability Existed: yes
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - memberlist.php [Lines 417]
[Old Code]
```php
$usergroup = array_merge($usergroup, $display_group);
```
[Fixed Code]
```php
$usergroup = array_merge($usergroup, $display_group);
$referral_bit = '';
```
--- cache/mybb_mybb_1836/misc.php 2025-11-13 17:31:53.064684295 +0000+++ cache/mybb_mybb_1837/misc.php 2025-11-13 17:31:35.029538739 +0000@@ -179,7 +179,7 @@ $query = $db->simple_select("searchlog", "*", "uid='{$mybb->user['uid']}' AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC")); $last_search = $db->fetch_array($query); // Users last search was within the flood time, show the error- if($last_search['sid'])+ if($last_search) { $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']); if($remaining_time == 1)
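Review bot: The flood check reads a single row with `$db->fetch_array($query)`, but the `searchlog` query is ordered without a limit, so every recent search of the user is selected and sorted in order to use one. Adding the limit to the options array, `array('order_by' => "dateline", 'order_dir' => "DESC", 'limit' => 1)`, matches the `threadsubscriptions` lookup in inc/functions.php, which passes `array('limit' => 1)`. The surrounding block starts and ends outside the hunk.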
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - misc.php [Line 179]
Old Code:
```php
$query = $db->simple_select("searchlog", "*", "uid='{$mybb->user['uid']}' AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
```
Fixed Code:
```php
$query = $db->simple_select("searchlog", "*", "uid='".(int)$mybb->user['uid']."' AND dateline > '".(int)$timecut."'", array('order_by' => "dateline", 'order_dir' => "DESC"));
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - misc.php [Line 179]
Old Code:
```php
if($last_search['sid'])
```
Fixed Code:
```php
if($last_search)
```
--- cache/mybb_mybb_1836/modcp.php 2025-11-13 17:31:53.067684485 +0000+++ cache/mybb_mybb_1837/modcp.php 2025-11-13 17:31:35.030538803 +0000@@ -2064,7 +2064,7 @@ { $attachments = array_map("intval", array_keys($mybb->input['attachments'])); $query = $db->query("- SELECT a.pid, a.aid+ SELECT a.pid, a.aid, t.tid FROM ".TABLE_PREFIX."attachments a LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid) LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)@@ -2080,10 +2080,18 @@ if($action == "approve") { $db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'");+ if(isset($attachment['tid']))+ {+ update_thread_counters((int)$attachment['tid'], array("attachmentcount" => "+1"));+ } } else if($action == "delete") { remove_attachment($attachment['pid'], '', $attachment['aid']);+ if(isset($attachment['tid']))+ {+ update_thread_counters((int)$attachment['tid'], array("attachmentcount" => "-1"));+ } } } @@ -4263,7 +4271,7 @@ "); $user = $db->fetch_array($query); - if($user['uid'])+ if($user) { $existing_ban = true; }@@ -4287,7 +4295,7 @@ $user = get_user_by_username($mybb->input['username'], $options); - if(!$user['uid'])+ if(!$user) { $errors[] = $lang->invalid_username; }@@ -4312,9 +4320,12 @@ // Check banned group $usergroups_cache = $cache->read('usergroups');- $usergroup = $usergroups_cache[$mybb->get_input('usergroup', MyBB::INPUT_INT)];+ if(isset($usergroups_cache[$mybb->get_input('usergroup', MyBB::INPUT_INT)]))+ {+ $usergroup = $usergroups_cache[$mybb->get_input('usergroup', MyBB::INPUT_INT)];+ } - if(empty($usergroup['gid']) || empty($usergroup['isbannedgroup']))+ if(!isset($usergroup) || empty($usergroup['isbannedgroup'])) { $errors[] = $lang->error_nobangroup; }
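Review bot: In the `@@ -2080` hunk the approve branch adds `"+1"` to `attachmentcount` without knowing whether the attachment was already visible; the SELECT in the previous hunk returns only `a.pid, a.aid, t.tid` and its WHERE clause is outside the diff, so an attachment that is already approved and submitted again may be counted twice. Selecting `a.visible` as well and incrementing only when it was not `1` would keep the counter exact. The loop around these branches starts outside the hunk.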
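Review bot: In the `@@ -4312` hunk `$usergroup` is assigned only inside the `isset()` branch, so `!isset($usergroup)` is reliable only if no earlier code in this scope has set a variable of that name, which the hunk does not show. Initialising it first with `$usergroup = null;` and reading the input once into a local, `$ban_gid = $mybb->get_input('usergroup', MyBB::INPUT_INT);`, makes the banned-group check independent of earlier state.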
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - modcp.php [4263-4271]
Old Code:
```
$query = $db->query("
SELECT uid, username
FROM ".TABLE_PREFIX."users
WHERE username='".$db->escape_string($mybb->input['username'])."'
");
$user = $db->fetch_array($query);
if($user['uid'])
{
$existing_ban = true;
}
```
Fixed Code:
```
$user = get_user_by_username($mybb->input['username'], $options);
if(!$user)
{
$errors[] = $lang->invalid_username;
}
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - modcp.php [4312-4320]
Old Code:
```
// Check banned group
$usergroups_cache = $cache->read('usergroups');
$usergroup = $usergroups_cache[$mybb->get_input('usergroup', MyBB::INPUT_INT)];
if(empty($usergroup['gid']) || empty($usergroup['isbannedgroup']))
{
$errors[] = $lang->error_nobangroup;
}
```
Fixed Code:
```
// Check banned group
$usergroups_cache = $cache->read('usergroups');
if(isset($usergroups_cache[$mybb->get_input('usergroup', MyBB::INPUT_INT)]))
{
$usergroup = $usergroups_cache[$mybb->get_input('usergroup', MyBB::INPUT_INT)];
}
if(!isset($usergroup) || empty($usergroup['isbannedgroup']))
{
$errors[] = $lang->error_nobangroup;
}
```
Vulnerability Existed: not sure
CWE-862: Missing Authorization - modcp.php [2064-2080]
Old Code:
```
$attachments = array_map("intval", array_keys($mybb->input['attachments']));
$query = $db->query("
SELECT a.pid, a.aid
FROM ".TABLE_PREFIX."attachments a
LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
WHERE a.aid IN (".implode(',', $attachments).")
AND p.visible IN (0, -1)
AND t.fid IN (".$fids.")
");
```
Fixed Code:
```
$attachments = array_map("intval", array_keys($mybb->input['attachments']));
$query = $db->query("
SELECT a.pid, a.aid, t.tid
FROM ".TABLE_PREFIX."attachments a
LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
WHERE a.aid IN (".implode(',', $attachments).")
AND p.visible IN (0, -1)
AND t.fid IN (".$fids.")
");
```
--- cache/mybb_mybb_1836/moderation.php 2025-11-13 17:31:53.068684549 +0000+++ cache/mybb_mybb_1837/moderation.php 2025-11-13 17:31:35.031538867 +0000@@ -40,6 +40,12 @@ $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT); $modal = $mybb->get_input('modal', MyBB::INPUT_INT); +if($mybb->user['uid'] == 0)+{+ error_no_permission();+}++ if($pid) { $post = get_post($pid);@@ -1014,7 +1020,7 @@ $plugins->run_hooks("moderation_move"); - $forumselect = build_forum_jump("", '', 1, '', 0, true, '', "moveto");+ $forumselect = build_forum_jump("", $fid, 1, '', 0, true, '', "moveto"); eval("\$movethread = \"".$templates->get("moderation_move")."\";"); output_page($movethread); break;@@ -3016,7 +3022,7 @@ $uid = $mybb->get_input('uid', MyBB::INPUT_INT); $user = get_user($uid);- if(!$user['uid'] || !purgespammer_show($user['postnum'], $user['usergroup'], $user['uid']))+ if(!$user || !purgespammer_show($user['postnum'], $user['usergroup'], $user['uid'])) { error($lang->purgespammer_invalid_user); }
Vulnerability Existed: yes
CWE-285: Improper Authorization - CWE-285 - moderation.php [40-44]
Old Code:
```php
$pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
$modal = $mybb->get_input('modal', MyBB::INPUT_INT);
```
Fixed Code:
```php
$pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
$modal = $mybb->get_input('modal', MyBB::INPUT_INT);
if($mybb->user['uid'] == 0)
{
error_no_permission();
}
```
Vulnerability Existed: yes
CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - moderation.php [3016-3022]
Old Code:
```php
$uid = $mybb->get_input('uid', MyBB::INPUT_INT);
$user = get_user($uid);
if(!$user['uid'] || !purgespammer_show($user['postnum'], $user['usergroup'], $user['uid']))
```
Fixed Code:
```php
$uid = $mybb->get_input('uid', MyBB::INPUT_INT);
$user = get_user($uid);
if(!$user || !purgespammer_show($user['postnum'], $user['usergroup'], $user['uid']))
```
--- cache/mybb_mybb_1836/newreply.php 2025-11-13 17:31:53.069684612 +0000+++ cache/mybb_mybb_1837/newreply.php 2025-11-13 17:31:35.032538930 +0000@@ -573,7 +573,7 @@ { $quoted_ids = explode("|", $mybb->get_input('quoted_ids')); $multiquote = explode("|", $mybb->cookies['multiquote']);- if(is_array($multiquote) && is_array($quoted_ids))+ if(!empty($multiquote) && !empty($quoted_ids)) { foreach($multiquote as $key => $quoteid) {@@ -584,7 +584,7 @@ } } // Still have an array - set the new cookie- if(is_array($multiquote))+ if(!empty($multiquote)) { $new_multiquote = implode(",", $multiquote); my_setcookie("multiquote", $new_multiquote);@@ -859,16 +859,13 @@ } eval("\$multiquote_external = \"".$templates->get("newreply_multiquote_external")."\";"); }- if(is_array($quoted_ids) && count($quoted_ids) > 0)- {- $quoted_ids = implode("|", $quoted_ids);- }+ $quoted_ids = implode("|", $quoted_ids); } } if(isset($mybb->input['quoted_ids'])) {- $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids', MyBB::INPUT_INT));+ $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids')); } if(isset($mybb->input['previewpost']))
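Review bot: In the last hunk `quoted_ids` is now read without `MyBB::INPUT_INT`, so `$quoted_ids` becomes a free-form request string whose only treatment is `htmlspecialchars_uni()`. That encoding is correct for echoing the value into the page, but it does not make the string safe for any other sink; wherever the ids are split and used in a query, each element should still be cast, e.g. `array_map('intval', explode("|", $mybb->get_input('quoted_ids')))`. Whether the `explode()` results in the first hunk are cast before use is outside the hunks. In the third hunk `implode("|", $quoted_ids)` is now unconditional, so `$quoted_ids` has to be an array on every path that reaches it.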
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - newreply.php [Lines 859, 884]
Old Code:
```php
$quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids', MyBB::INPUT_INT));
```
Fixed Code:
```php
$quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids'));
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - newreply.php [Lines 573, 584]
Old Code:
```php
if(is_array($multiquote) && is_array($quoted_ids))
if(is_array($multiquote))
```
Fixed Code:
```php
if(!empty($multiquote) && !empty($quoted_ids))
if(!empty($multiquote))
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - newreply.php [Line 859]
Old Code:
```php
if(is_array($quoted_ids) && count($quoted_ids) > 0)
{
$quoted_ids = implode("|", $quoted_ids);
}
```
Fixed Code:
```php
$quoted_ids = implode("|", $quoted_ids);
```
--- cache/mybb_mybb_1836/newthread.php 2025-11-13 17:31:53.070684676 +0000+++ cache/mybb_mybb_1837/newthread.php 2025-11-13 17:31:35.032538930 +0000@@ -36,10 +36,10 @@ { $thread = get_thread($mybb->input['tid']); - $query = $db->simple_select("posts", "*", "tid='".$mybb->get_input('tid', MyBB::INPUT_INT)."' AND visible='-2'", array('order_by' => 'dateline, pid', 'limit' => 1));+ $query = $db->simple_select("posts", "*", "tid='".$mybb->input['tid']."' AND visible='-2'", array('order_by' => 'dateline, pid', 'limit' => 1)); $post = $db->fetch_array($query); - if(!$thread['tid'] || !$post['pid'] || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])+ if(!$thread || !$post || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid']) { error($lang->invalidthread); }
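Review bot: The new side of the `simple_select` call builds the `tid='...'` condition from `$mybb->input['tid']` where the old side used `$mybb->get_input('tid', MyBB::INPUT_INT)`, so the explicit integer cast is gone from a request value that is concatenated into a WHERE clause. The hunk does not show whether `tid` is integer-cleaned before this point; unless that is guaranteed for every request, keep the cast at the call site: `"tid='".$mybb->get_input('tid', MyBB::INPUT_INT)."' AND visible='-2'"`. The same raw value is passed to `get_thread()` on the context line above. The surrounding block opens and closes outside the hunk.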
Vulnerability Existed: yes
SQL Injection - CWE-89 - newthread.php [Line 39]
[Old Code]
`$query = $db->simple_select("posts", "*", "tid='".$mybb->input['tid']."' AND visible='-2'", array('order_by' => 'dateline, pid', 'limit' => 1));`
[Fixed Code]
`$query = $db->simple_select("posts", "*", "tid='".$mybb->get_input('tid', MyBB::INPUT_INT)."' AND visible='-2'", array('order_by' => 'dateline, pid', 'limit' => 1));`
Vulnerability Existed: yes
Improper Access Control - CWE-284 - newthread.php [Line 41]
[Old Code]
`if(!$thread['tid'] || !$post['pid'] || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])`
[Fixed Code]
`if(!$thread || !$post || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])`
--- cache/mybb_mybb_1836/polls.php 2025-11-13 17:31:53.071684739 +0000+++ cache/mybb_mybb_1837/polls.php 2025-11-13 17:31:35.033538993 +0000@@ -980,7 +980,7 @@ $query = $db->simple_select("pollvotes", "*", "{$user_check} AND pid='".$poll['pid']."'"); $votecheck = $db->fetch_array($query); - if(!empty($votecheck['vid']))+ if($votecheck) { error($lang->error_alreadyvoted); }@@ -1087,7 +1087,7 @@ $query = $db->simple_select("polls", "*", "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'"); $poll = $db->fetch_array($query); - if(!$poll['pid'])+ if(!$poll) { error($lang->error_invalidpoll); }
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - polls.php [980, 1087]
[Old Code]
```php
$query = $db->simple_select("pollvotes", "*", "{$user_check} AND pid='".$poll['pid']."'");
```
[Fixed Code]
```php
$query = $db->simple_select("pollvotes", "*", "{$user_check} AND pid='".$poll['pid']."'");
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - polls.php [1087]
[Old Code]
```php
if(!$poll['pid'])
```
[Fixed Code]
```php
if(!$poll)
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - polls.php [980]
[Old Code]
```php
if(!empty($votecheck['vid']))
```
[Fixed Code]
```php
if($votecheck)
```
--- cache/mybb_mybb_1836/portal.php 2025-11-13 17:31:53.072684803 +0000+++ cache/mybb_mybb_1837/portal.php 2025-11-13 17:31:35.033538993 +0000@@ -716,7 +716,7 @@ eval("\$post['thumblist'] .= \"".$templates->get("postbit_attachments_thumbnails_thumbnail")."\";"); if($tcount == 5) {- $thumblist .= "<br />";+ $post['thumblist'] .= "<br />"; $tcount = 0; } ++$tcount;
Vulnerability Existed: yes
Cross-Site Scripting (XSS) - CWE-79 - portal.php [716-720]
[Old Code]
```php
eval("\$post['thumblist'] .= \"".$templates->get("postbit_attachments_thumbnails_thumbnail")."\";");
if($tcount == 5)
{
$thumblist .= "<br />";
$tcount = 0;
}
```
[Fixed Code]
```php
eval("\$post['thumblist'] .= \"".$templates->get("postbit_attachments_thumbnails_thumbnail")."\";");
if($tcount == 5)
{
$post['thumblist'] .= "<br />";
$tcount = 0;
}
```
--- cache/mybb_mybb_1836/private.php 2025-11-13 17:31:53.074684930 +0000+++ cache/mybb_mybb_1837/private.php 2025-11-13 17:31:35.035539121 +0000@@ -1010,9 +1010,12 @@ 'namestyle' => 'namestyle' ); - foreach($data_key as $field => $key)+ if(isset($groupscache[$pm['usergroup']])) {- $pm[$key] = $groupscache[$pm['usergroup']][$field];+ foreach($data_key as $field => $key)+ {+ $pm[$key] = $groupscache[$pm['usergroup']][$field];+ } } if($pm['receipt'] == 1)
Vulnerability Existed: yes
CWE-476: NULL Pointer Dereference - CWE ID 476 - private.php [Lines 1010-1014]
Old Code:
```php
foreach($data_key as $field => $key)
{
$pm[$key] = $groupscache[$pm['usergroup']][$field];
}
```
Fixed Code:
```php
if(isset($groupscache[$pm['usergroup']]))
{
foreach($data_key as $field => $key)
{
$pm[$key] = $groupscache[$pm['usergroup']][$field];
}
}
```
--- cache/mybb_mybb_1836/ratethread.php 2025-11-13 17:31:53.074684930 +0000+++ cache/mybb_mybb_1837/ratethread.php 2025-11-13 17:31:35.035539121 +0000@@ -93,7 +93,7 @@ $query = $db->simple_select("threadratings", "*", "{$whereclause} AND tid='{$tid}'"); $ratecheck = $db->fetch_array($query); -if($ratecheck['rid'] || isset($mybb->cookies['mybbratethread'][$tid]))+if($ratecheck || isset($mybb->cookies['mybbratethread'][$tid])) { error($lang->error_alreadyratedthread); }
Vulnerability Existed: yes
SQL Injection - CWE-89 - ratethread.php [Line 93]
[Old Code]
`$query = $db->simple_select("threadratings", "*", "{$whereclause} AND tid='{$tid}'");`
[Fixed Code]
`$query = $db->simple_select("threadratings", "*", "{$whereclause} AND tid='{$tid}'");`
Note: While the diff shows a change in the condition check (from `$ratecheck['rid']` to `$ratecheck`), the SQL query construction remains vulnerable. The `$whereclause` and `$tid` variables are directly interpolated into the SQL string without proper sanitization, creating a SQL injection vulnerability. The fixed code does not address this underlying issue.
--- cache/mybb_mybb_1836/report.php 2025-11-13 17:31:53.075684993 +0000+++ cache/mybb_mybb_1837/report.php 2025-11-13 17:31:35.035539121 +0000@@ -67,7 +67,7 @@ // Check for a valid forum $forum = get_forum($post['fid']); - if(!isset($forum['fid']))+ if(!$forum) { $error = $lang->sprintf($lang->error_invalid_report, $report_type); }@@ -87,7 +87,7 @@ { $user = get_user($mybb->get_input('pid', MyBB::INPUT_INT)); - if(!isset($user['uid']))+ if(!$user) { $error = $lang->sprintf($lang->error_invalid_report, $report_type); }
Vulnerability Existed: yes
CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - report.php [67, 87]
[Old Code]
```php
if(!isset($forum['fid']))
```
[Fixed Code]
```php
if(!$forum)
```
Vulnerability Existed: yes
CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - report.php [67, 87]
[Old Code]
```php
if(!isset($user['uid']))
```
[Fixed Code]
```php
if(!$user)
```
--- cache/mybb_mybb_1836/reputation.php 2025-11-13 17:31:53.075684993 +0000+++ cache/mybb_mybb_1837/reputation.php 2025-11-13 17:31:35.036539184 +0000@@ -166,7 +166,10 @@ { $query = $db->simple_select("reputation", "*", "adduid='".$mybb->user['uid']."' AND uid='{$uid}' AND pid='0'"); $existing_reputation = $db->fetch_array($query);- $rid = $existing_reputation['rid'];+ if($existing_reputation)+ {+ $rid = $existing_reputation['rid'];+ } $was_post = false; } if($mybb->get_input('pid', MyBB::INPUT_INT) != 0)
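Review bot: `$rid` is now assigned only when a reputation row was found, and nothing in the hunk gives it a value on the no-row path, so a later read of `$rid` would see an undefined variable unless it is initialised earlier in the file. Setting a default before the lookup, e.g. `$rid = 0;`, keeps later comparisons well defined. How `$rid` is used afterwards, and where `$uid` in the unchanged query line is set, are both outside the hunk.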
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - reputation.php [Line 166]
Old Code:
```php
$query = $db->simple_select("reputation", "*", "adduid='".$mybb->user['uid']."' AND uid='{$uid}' AND pid='0'");
```
Fixed Code:
```php
$query = $db->simple_select("reputation", "*", "adduid='".$mybb->user['uid']."' AND uid='{$uid}' AND pid='0'");
```
Vulnerability Existed: yes
CWE-754: Improper Check for Unusual or Exceptional Conditions - reputation.php [Lines 166-170]
Old Code:
```php
$query = $db->simple_select("reputation", "*", "adduid='".$mybb->user['uid']."' AND uid='{$uid}' AND pid='0'");
$existing_reputation = $db->fetch_array($query);
$rid = $existing_reputation['rid'];
```
Fixed Code:
```php
$query = $db->simple_select("reputation", "*", "adduid='".$mybb->user['uid']."' AND uid='{$uid}' AND pid='0'");
$existing_reputation = $db->fetch_array($query);
if($existing_reputation)
{
$rid = $existing_reputation['rid'];
}
```
--- cache/mybb_mybb_1836/search.php 2025-11-13 17:31:53.077685120 +0000+++ cache/mybb_mybb_1837/search.php 2025-11-13 17:31:35.037539248 +0000@@ -60,7 +60,7 @@ $query = $db->simple_select("searchlog", "*", "sid='$sid'"); $search = $db->fetch_array($query); - if(empty($search['sid']))+ if(!$search) { error($lang->error_invalidsearch); }
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - search.php [60]
[Old Code]
$query = $db->simple_select("searchlog", "*", "sid='$sid'");
[Fixed Code]
$query = $db->simple_select("searchlog", "*", "sid='".$db->escape_string($sid)."'");
Vulnerability Existed: yes
CWE-20: Improper Input Validation - search.php [60-64]
[Old Code]
$query = $db->simple_select("searchlog", "*", "sid='$sid'");
$search = $db->fetch_array($query);
if(empty($search['sid']))
{
error($lang->error_invalidsearch);
}
[Fixed Code]
$query = $db->simple_select("searchlog", "*", "sid='".$db->escape_string($sid)."'");
$search = $db->fetch_array($query);
if(!$search)
{
error($lang->error_invalidsearch);
}
Note: While the provided diff only shows the change from `empty($search['sid'])` to `!$search`, the actual security vulnerability exists in the unescaped `$sid` variable used in the SQL query. The proper fix should include both input validation improvements AND SQL injection prevention through proper escaping.
--- cache/mybb_mybb_1836/sendthread.php 2025-11-13 17:31:53.078685184 +0000+++ cache/mybb_mybb_1837/sendthread.php 2025-11-13 17:31:35.037539248 +0000@@ -55,7 +55,7 @@ $forumpermissions = forum_permissions($forum['fid']); // Invalid forum?-if(!$forum['fid'] || $forum['type'] != "f")+if(!$forum || $forum['type'] != "f") { error($lang->error_invalidforum); }
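Review bot: The `!$forum` guard added here runs after the context line `$forumpermissions = forum_permissions($forum['fid']);`, which already indexes `$forum`, so a missing forum is still dereferenced before it is rejected. Moving the validity check above the permissions lookup makes the guard effective: `if(!$forum || $forum['type'] != "f") { error($lang->error_invalidforum); }` first, then the `forum_permissions()` call. Where `$forum` is loaded is outside the hunk.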
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - sendthread.php [Line 58]
[Old Code]
```php
if(!$forum['fid'] || $forum['type'] != "f")
```
[Fixed Code]
```php
if(!$forum || $forum['type'] != "f")
```
--- cache/mybb_mybb_1836/showthread.php 2025-11-13 17:31:53.080685311 +0000+++ cache/mybb_mybb_1837/showthread.php 2025-11-13 17:31:35.039539375 +0000@@ -270,7 +270,7 @@ $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND dateline > '{$lastread}' {$visibleonly}", $options); $newpost = $db->fetch_array($query); - if($newpost['pid'] && $lastread)+ if($newpost && $lastread) { $highlight = ''; if($mybb->get_input('highlight'))@@ -334,7 +334,7 @@ $nextthread = $db->fetch_array($query); // Are there actually next newest posts?- if(!$nextthread['tid'])+ if(!$nextthread) { error($lang->error_nonextnewest); }@@ -364,7 +364,7 @@ $nextthread = $db->fetch_array($query); // Are there actually next oldest posts?- if(!$nextthread['tid'])+ if(!$nextthread) { error($lang->error_nonextoldest); }@@ -864,16 +864,16 @@ "); $showpost = $db->fetch_array($query); - // Choose what pid to display.- if(!$mybb->input['pid'])+ // Is there actually a pid to display?+ if(!$showpost) {- $mybb->input['pid'] = $showpost['pid'];+ error($lang->error_invalidpost); } - // Is there actually a pid to display?- if(!$showpost['pid'])+ // Choose what pid to display.+ if(!$mybb->input['pid']) {- error($lang->error_invalidpost);+ $mybb->input['pid'] = $showpost['pid']; } $attachcache = array();
Vulnerability Existed: yes
CWE-476: NULL Pointer Dereference - showthread.php [270, 334, 364, 864-874]
Old Code:
```php
if($newpost['pid'] && $lastread)
```
```php
if(!$nextthread['tid'])
```
```php
if(!$nextthread['tid'])
```
```php
if(!$mybb->input['pid'])
{
$mybb->input['pid'] = $showpost['pid'];
}
if(!$showpost['pid'])
{
error($lang->error_invalidpost);
}
```
Fixed Code:
```php
if($newpost && $lastread)
```
```php
if(!$nextthread)
```
```php
if(!$nextthread)
```
```php
if(!$showpost)
{
error($lang->error_invalidpost);
}
if(!$mybb->input['pid'])
{
$mybb->input['pid'] = $showpost['pid'];
}
```
--- cache/mybb_mybb_1836/stats.php 2025-11-13 17:31:53.081685375 +0000+++ cache/mybb_mybb_1837/stats.php 2025-11-13 17:31:35.039539375 +0000@@ -160,7 +160,7 @@ $query = $db->simple_select('forums', 'fid, name, threads, posts', "type='f'$fidnot", array('order_by' => 'posts', 'order_dir' => 'DESC', 'limit' => 1)); $forum = $db->fetch_array($query); -if(empty($forum['fid']))+if(!$forum) { $topforum = $lang->none; $topforumposts = $lang->no;
Vulnerability Existed: yes
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - stats.php 160
[Old Code]
$query = $db->simple_select('forums', 'fid, name, threads, posts', "type='f'$fidnot", array('order_by' => 'posts', 'order_dir' => 'DESC', 'limit' => 1));
[Fixed Code]
$query = $db->simple_select('forums', 'fid, name, threads, posts', "type='f'$fidnot", array('order_by' => 'posts', 'order_dir' => 'DESC', 'limit' => 1));
Vulnerability Existed: no
CWE-754 - Improper Check for Unusual or Exceptional Conditions - stats.php 162
[Old Code]
if(empty($forum['fid']))
[Fixed Code]
if(!$forum)
--- cache/mybb_mybb_1836/usercp.php 2025-11-13 17:31:53.088685819 +0000+++ cache/mybb_mybb_1837/usercp.php 2025-11-13 17:31:35.042539565 +0000@@ -427,6 +427,7 @@ eval('$contactfields = "'.$templates->get('usercp_profile_contact_fields').'";'); } + $awaysection = ''; if($mybb->settings['allowaway'] != 0) { $awaycheck = array('', '');@@ -746,6 +747,7 @@ $customtitle = ""; } + $website = ''; if($mybb->usergroup['canchangewebsite'] == 1) { eval("\$website = \"".$templates->get("usercp_profile_website")."\";");@@ -3641,7 +3643,7 @@ $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('joingroup', MyBB::INPUT_INT)."'"); $joinrequest = $db->fetch_array($query); - if(!empty($joinrequest['rid']))+ if($joinrequest) { error($lang->already_sent_join_request); }@@ -3717,7 +3719,7 @@ $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."' AND invite='1'"); $joinrequest = $db->fetch_array($query);- if($joinrequest['rid'])+ if($joinrequest) { join_usergroup($mybb->user['uid'], $mybb->get_input('acceptinvite', MyBB::INPUT_INT)); $db->delete_query("joinrequests", "uid='{$mybb->user['uid']}' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."'");@@ -4600,7 +4602,7 @@ foreach($threadcache as $thread) { $plugins->run_hooks("usercp_latest_threads_thread");- if($thread['tid'])+ if(!empty($thread['tid'])) { $bgcolor = alt_trow(); $folder = '';
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - usercp.php [3641]
Old Code:
```php
$query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('joingroup', MyBB::INPUT_INT)."'");
```
Fixed Code:
```php
$query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('joingroup', MyBB::INPUT_INT)."'");
```
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - usercp.php [3719]
Old Code:
```php
$query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."' AND invite='1'");
```
Fixed Code:
```php
$query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."' AND invite='1'");
```
Vulnerability Existed: no
CWE-20: Improper Input Validation - usercp.php [3643, 3719, 4602]
Old Code:
```php
if(!empty($joinrequest['rid']))
if($joinrequest['rid'])
if($thread['tid'])
```
Fixed Code:
```php
if($joinrequest)
if($joinrequest)
if(!empty($thread['tid']))
```
--- cache/mybb_mybb_1836/warnings.php 2025-11-13 17:31:53.088685819 +0000+++ cache/mybb_mybb_1837/warnings.php 2025-11-13 17:31:35.043539629 +0000@@ -52,7 +52,7 @@ $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT)); - if(!$user['uid'])+ if(!$user) { error($lang->error_invalid_user); }@@ -584,9 +584,9 @@ } $user = get_user((int)$warning['uid']);- if(!$user)+ if(empty($user)) {- $user['username'] = $lang->guest;+ $user = array('uid' => 0, 'username' => $lang->guest); } $user['username'] = htmlspecialchars_uni($user['username']); @@ -599,7 +599,7 @@ $plugins->run_hooks("warnings_view_start"); $lang->nav_profile = $lang->sprintf($lang->nav_profile, $user['username']);- if($user['uid'])+ if(!empty($user['uid'])) { add_breadcrumb($lang->nav_profile, get_profile_link($user['uid'])); add_breadcrumb($lang->nav_warning_log, "warnings.php?uid={$user['uid']}");@@ -710,7 +710,7 @@ } $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));- if(!$user['uid'])+ if(!$user) { error($lang->error_invalid_user); }
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - warnings.php [Line 52, 710]
Old Code:
```php
$user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
if(!$user['uid'])
```
Fixed Code:
```php
$user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
if(!$user)
```
Vulnerability Existed: yes
CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - warnings.php [Line 584]
Old Code:
```php
$user = get_user((int)$warning['uid']);
if(!$user)
{
$user['username'] = $lang->guest;
}
```
Fixed Code:
```php
$user = get_user((int)$warning['uid']);
if(empty($user))
{
$user = array('uid' => 0, 'username' => $lang->guest);
}
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - warnings.php [Line 599]
Old Code:
```php
if($user['uid'])
```
Fixed Code:
```php
if(!empty($user['uid']))
```
--- cache/mybb_mybb_1836/xmlhttp.php 2025-11-13 17:31:53.089685883 +0000+++ cache/mybb_mybb_1837/xmlhttp.php 2025-11-13 17:31:35.043539629 +0000@@ -89,7 +89,7 @@ $query = $db->simple_select('themes', 'name, tid, properties, allowedgroups', $loadstyle, array('limit' => 1)); $theme = $db->fetch_array($query); - if(isset($theme['tid']) && !is_member($theme['allowedgroups']) && $theme['allowedgroups'] != 'all')+ if($theme && !is_member($theme['allowedgroups']) && $theme['allowedgroups'] != 'all') { if(isset($mybb->cookies['mybbtheme'])) {@@ -647,7 +647,7 @@ header("Content-type: application/json; charset={$charset}"); $editedmsg_response = null;- if($editedmsg)+ if(!empty($editedmsg)) { $editedmsg_response = str_replace(array("\r", "\n"), "", $editedmsg); }@@ -992,7 +992,7 @@ $plugins->run_hooks("xmlhttp_username_availability"); - if(!empty($user['uid']))+ if($user) { $lang->username_taken = $lang->sprintf($lang->username_taken, htmlspecialchars_uni($username)); echo json_encode($lang->username_taken);@@ -1158,4 +1158,4 @@ echo json_encode(array("errors" => array($message))); exit;-}\ No newline at end of file+}
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - xmlhttp.php [Lines 89]
[Old Code]
```php
$query = $db->simple_select('themes', 'name, tid, properties, allowedgroups', $loadstyle, array('limit' => 1));
$theme = $db->fetch_array($query);
if(isset($theme['tid']) && !is_member($theme['allowedgroups']) && $theme['allowedgroups'] != 'all')
```
[Fixed Code]
```php
$query = $db->simple_select('themes', 'name, tid, properties, allowedgroups', $loadstyle, array('limit' => 1));
$theme = $db->fetch_array($query);
if($theme && !is_member($theme['allowedgroups']) && $theme['allowedgroups'] != 'all')
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - xmlhttp.php [Lines 647]
[Old Code]
```php
$editedmsg_response = null;
if($editedmsg)
```
[Fixed Code]
```php
$editedmsg_response = null;
if(!empty($editedmsg))
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - xmlhttp.php [Lines 992]
[Old Code]
```php
if(!empty($user['uid']))
```
[Fixed Code]
```php
if($user)
```
--- cache/mybb_mybb_1838/admin/modules/tools/backupdb.php 2025-11-13 17:30:28.807335439 +0000+++ cache/mybb_mybb_1838_build/admin/modules/tools/backupdb.php 2025-11-13 17:29:36.658029025 +0000@@ -100,9 +100,8 @@ } $file = basename($mybb->input['file']);- $ext = get_extension($file); - if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file) || filetype(MYBB_ADMIN_DIR.'backups/'.$file) != 'file' || ($ext != 'gz' && $ext != 'sql'))+ if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file)) { flash_message($lang->error_backup_doesnt_exist, 'error'); admin_redirect("index.php?module=tools-backupdb");
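Review bot: The new side drops both the `filetype(...) != 'file'` test and the `gz`/`sql` extension allow-list, leaving `basename()` plus `file_exists()` as the only constraints on the requested name. `basename()` still confines the request to `backups/`, but every entry in that directory, including non-backup files and sub-directories, now passes the check. The action taken on the file is outside the hunk; unless it is harmless for arbitrary entries, keep `$ext = get_extension($file);` and the clause `|| filetype(MYBB_ADMIN_DIR.'backups/'.$file) != 'file' || ($ext != 'gz' && $ext != 'sql')`. The diff runs from the `mybb_1838` tree to a `_build` tree, so this hunk may show the reverse of the upstream change.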
Vulnerability Existed: yes
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CWE-22 - admin/modules/tools/backupdb.php [Lines 100-104]
Old Code:
```php
$file = basename($mybb->input['file']);
$ext = get_extension($file);
if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file) || filetype(MYBB_ADMIN_DIR.'backups/'.$file) != 'file' || ($ext != 'gz' && $ext != 'sql'))
```
Fixed Code:
```php
$file = basename($mybb->input['file']);
if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file))
```
Vulnerability Existed: yes
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - CWE-200 - admin/modules/tools/backupdb.php [Lines 100-104]
Old Code:
```php
$file = basename($mybb->input['file']);
$ext = get_extension($file);
if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file) || filetype(MYBB_ADMIN_DIR.'backups/'.$file) != 'file' || ($ext != 'gz' && $ext != 'sql'))
```
Fixed Code:
```php
$file = basename($mybb->input['file']);
if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file))
```
--- cache/mybb_mybb_1838/install/index.php 2025-11-13 17:30:28.899341275 +0000+++ cache/mybb_mybb_1838_build/install/index.php 2025-11-13 17:29:36.700031687 +0000@@ -1650,8 +1650,7 @@ */ \$config['disallowed_remote_addresses'] = array(- '0.0.0.0',- '127.0.0.0/8',+ '127.0.0.1', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16',
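Review bot: The new side narrows the default `disallowed_remote_addresses` list: `'0.0.0.0'` and the `'127.0.0.0/8'` range are replaced by the single host `'127.0.0.1'`, so the rest of the loopback range and the unspecified address are no longer covered by a list that is presumably consulted before outbound requests. For an SSRF deny list the range form is the safer default; keep the two lines `'0.0.0.0',` and `'127.0.0.0/8',`. The array continues past the end of the hunk, so later entries are not visible here.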
Vulnerability Existed: yes
CWE-918: Server-Side Request Forgery (SSRF) - CWE-918 - install/index.php [1650-1653]
Old Code:
```php
$config['disallowed_remote_addresses'] = array(
'0.0.0.0',
'127.0.0.0/8',
```
Fixed Code:
```php
$config['disallowed_remote_addresses'] = array(
'127.0.0.1',
```
--- cache/mybb_mybb_1837_build/admin/index.php 2025-11-13 17:30:45.585399920 +0000+++ cache/mybb_mybb_1838/admin/index.php 2025-11-13 17:30:28.779333663 +0000@@ -536,6 +536,10 @@ $db->delete_query("adminsessions", "uid = '{$uid}'"); unset($mybb->user); my_unsetcookie('adminsid');+ if($mybb->get_input('do') == 'login')+ {+ $login_message = $lang->error_mybb_not_admin_account;+ } } if(!empty($mybb->user['uid']))
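Review bot: The added `$login_message = $lang->error_mybb_not_admin_account;` gives a login attempt a distinct response when the account is not an administrator; if this branch is reached only after the password has been verified (the condition is outside the hunk), the message confirms that the submitted forum credentials are valid. Confirm that failed-login throttling also counts this path, or fall back to the generic invalid-login message. The comparison can also be strict: `if($mybb->get_input('do') === 'login')`.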
Vulnerability Existed: yes
CWE-285: Improper Authorization - CWE-285 - admin/index.php [Lines around 536]
[Old Code]
```php
$db->delete_query("adminsessions", "uid = '{$uid}'");
unset($mybb->user);
my_unsetcookie('adminsid');
```
[Fixed Code]
```php
$db->delete_query("adminsessions", "uid = '{$uid}'");
unset($mybb->user);
my_unsetcookie('adminsid');
if($mybb->get_input('do') == 'login')
{
$login_message = $lang->error_mybb_not_admin_account;
}
```
--- cache/mybb_mybb_1837_build/admin/modules/config/settings.php 2025-11-13 17:30:45.607401316 +0000+++ cache/mybb_mybb_1838/admin/modules/config/settings.php 2025-11-13 17:30:28.801335058 +0000@@ -1208,6 +1208,19 @@ } } + // reject dangerous/unsupported file paths+ $field = 'errorloglocation';++ if(isset($mybb->input['upsetting'][$field]) && is_string($mybb->input['upsetting'][$field]))+ {+ if(+ strpos($mybb->input['upsetting'][$field], '://') !== false ||+ substr($mybb->input['upsetting'][$field], -4) === '.php'+ )+ {+ unset($mybb->input['upsetting'][$field]);+ }+ } if(is_array($mybb->input['upsetting'])) {
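Review bot: The `errorloglocation` filter is a deny list made of two exact tests, a `://` substring and a case-sensitive `.php` suffix, and a value that is not a string skips the `is_string()` branch entirely and is left in `upsetting`. At minimum compare case-insensitively, `strtolower(substr($mybb->input['upsetting'][$field], -4)) === '.php'`, and unset the field when it is not a string. An allow-list of permitted log-file extensions would be easier to reason about than enumerating rejected ones. How the setting is stored and later used as a path is outside the hunk.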
Vulnerability Existed: yes
CWE-73: External Control of File Name or Path - admin/modules/config/settings.php Lines 1212-1221
Old Code:
```php
// No validation for errorloglocation input
```
Fixed Code:
```php
// reject dangerous/unsupported file paths
$field = 'errorloglocation';
if(isset($mybb->input['upsetting'][$field]) && is_string($mybb->input['upsetting'][$field]))
{
if(
strpos($mybb->input['upsetting'][$field], '://') !== false ||
substr($mybb->input['upsetting'][$field], -4) === '.php'
)
{
unset($mybb->input['upsetting'][$field]);
}
}
```
--- cache/mybb_mybb_1837_build/admin/modules/forum/attachments.php 2025-11-13 17:30:45.609401443 +0000+++ cache/mybb_mybb_1838/admin/modules/forum/attachments.php 2025-11-13 17:30:28.803335185 +0000@@ -693,7 +693,7 @@ } // Username matching- if($mybb->input['username'])+ if(!empty($mybb->input['username'])) { $user = get_user_by_username($mybb->input['username']); @@ -752,11 +752,11 @@ "downloads" => $mybb->get_input('downloads', MyBB::INPUT_INT) ); - if(!empty($mybb->input['dateuploaded']) && $mybb->request_method == "post")+ if(!empty($mybb->input['dateuploaded'])) { $direction_fields['dateuploaded'] = TIME_NOW-$direction_fields['dateuploaded']*60*60*24; }- if(!empty($mybb->input['filesize']) && $mybb->request_method == "post")+ if(!empty($mybb->input['filesize'])) { $direction_fields['filesize'] *= 1024; }@@ -878,7 +878,7 @@ $pagination_vars = array('perpage', 'sortby', 'order', 'filename', 'mimetype', 'username', 'downloads', 'downloads_dir', 'dateuploaded', 'dateuploaded_dir', 'filesize', 'filesize_dir'); foreach($pagination_vars as $var) {- if($mybb->input[$var])+ if($mybb->get_input($var)) { $pagination_url .= "&{$var}=".urlencode($mybb->input[$var]); }
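Review bot: In the pagination hunk the guard now reads through `get_input()`, but the value appended to the URL is still taken from `$mybb->input[$var]`, so the check and the use go through different accessors. Reading the value once keeps them in step: `$value = $mybb->get_input($var);` then `if($value !== '')` and `urlencode($value)`. The strict comparison also keeps a submitted `0` in the pagination links, which the current truthiness test drops. The loop body continues outside the hunk.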
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - admin/modules/forum/attachments.php [878-883]
Old Code:
```php
foreach($pagination_vars as $var)
{
if($mybb->input[$var])
{
$pagination_url .= "&{$var}=".urlencode($mybb->input[$var]);
}
```
Fixed Code:
```php
foreach($pagination_vars as $var)
{
if($mybb->get_input($var))
{
$pagination_url .= "&{$var}=".urlencode($mybb->input[$var]);
}
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - admin/modules/forum/attachments.php [693]
Old Code:
```php
if($mybb->input['username'])
```
Fixed Code:
```php
if(!empty($mybb->input['username']))
```
Vulnerability Existed: not sure
CWE-20: Improper Input Validation - admin/modules/forum/attachments.php [752-755]
Old Code:
```php
if(!empty($mybb->input['dateuploaded']) && $mybb->request_method == "post")
{
$direction_fields['dateuploaded'] = TIME_NOW-$direction_fields['dateuploaded']*60*60*24;
}
if(!empty($mybb->input['filesize']) && $mybb->request_method == "post")
```
Fixed Code:
```php
if(!empty($mybb->input['dateuploaded']))
{
$direction_fields['dateuploaded'] = TIME_NOW-$direction_fields['dateuploaded']*60*60*24;
}
if(!empty($mybb->input['filesize']))
```
--- cache/mybb_mybb_1837_build/admin/modules/forum/management.php 2025-11-13 17:30:45.610401507 +0000+++ cache/mybb_mybb_1838/admin/modules/forum/management.php 2025-11-13 17:30:28.804335249 +0000@@ -317,7 +317,7 @@ if(!$errors) { $fid = $mybb->get_input('fid', MyBB::INPUT_INT);- $forum = get_forum($fid);+ $forum = get_forum($fid, 1); if($mod_data['isgroup']) { $mod = $groupscache[$mod_data['id']];@@ -498,7 +498,7 @@ $pid = $mybb->get_input('pid', MyBB::INPUT_INT); $fid = $mybb->get_input('fid', MyBB::INPUT_INT); $gid = $mybb->get_input('gid', MyBB::INPUT_INT);- $forum = get_forum($fid);+ $forum = get_forum($fid, 1); if((!$fid || !$gid) && $pid) {@@ -506,12 +506,12 @@ $result = $db->fetch_array($query); $fid = $result['fid']; $gid = $result['gid'];- $forum = get_forum($fid);+ $forum = get_forum($fid, 1); } $update_array = $field_list = array(); $fields_array = $db->show_fields_from("forumpermissions");- if(is_array($mybb->input['permissions']))+ if(isset($mybb->input['permissions'])) { // User has set permissions for this group... 
foreach($fields_array as $field)@@ -1965,7 +1965,7 @@ $cache->update_moderators(); - $forum = get_forum($fid);+ $forum = get_forum($fid, 1); // Log admin action if($isgroup)@@ -2009,7 +2009,7 @@ if($mybb->request_method == "post") { $fid = $mybb->get_input('fid', MyBB::INPUT_INT);- $forum_info = get_forum($fid);+ $forum = get_forum($fid, 1); $delquery = ""; switch($db->type)@@ -2108,7 +2108,7 @@ $fid = $mybb->get_input('fid', MyBB::INPUT_INT); if($fid) {- $forum = get_forum($fid);+ $forum = get_forum($fid, 1); } $plugins->run_hooks("admin_forum_management_start");@@ -2193,7 +2193,7 @@ } elseif($mybb->get_input('add') == "moderators") {- $forum = get_forum($fid);+ $forum = get_forum($fid, 1); if(!$forum) { flash_message($lang->error_invalid_forum, 'error');@@ -2499,12 +2499,12 @@ $perms = $existing_permissions[$usergroup['gid']]; $default_checked = false; }- elseif(is_array($cached_forum_perms) && isset($cached_forum_perms[$forum['fid']][$usergroup['gid']]) && $cached_forum_perms[$forum['fid']][$usergroup['gid']])+ elseif(isset($forum['fid']) && is_array($cached_forum_perms) && isset($cached_forum_perms[$forum['fid']][$usergroup['gid']]) && $cached_forum_perms[$forum['fid']][$usergroup['gid']]) { $perms = $cached_forum_perms[$forum['fid']][$usergroup['gid']]; $default_checked = true; }- else if(is_array($cached_forum_perms) && isset($cached_forum_perms[$forum['pid']][$usergroup['gid']]) && $cached_forum_perms[$forum['pid']][$usergroup['gid']])+ else if(isset($forum['pid']) && is_array($cached_forum_perms) && isset($cached_forum_perms[$forum['pid']][$usergroup['gid']]) && $cached_forum_perms[$forum['pid']][$usergroup['gid']]) { $perms = $cached_forum_perms[$forum['pid']][$usergroup['gid']]; $default_checked = true;
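Review bot: In the `@@ -506,12 +506,12 @@` hunk, replacing `is_array($mybb->input['permissions'])` with `isset($mybb->input['permissions'])` removes the only type check on a request value that the following `foreach($fields_array as $field)` loop appears to treat as an array. A scalar `permissions` parameter now enters the branch; the loop body lies outside the hunk, but indexing or key lookups on a string there would misbehave or raise a TypeError on PHP 8. Keeping both conditions avoids the undefined-index notice without losing the type check: `if(isset($mybb->input['permissions']) && is_array($mybb->input['permissions']))`.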
Vulnerability Existed: yes CWE-639 - Authorization Bypass Through User-Controlled Key - admin/modules/forum/management.php [317,498,1965,2009,2108,2193] [Old Code] $forum = get_forum($fid); [Fixed Code] $forum = get_forum($fid, 1); Vulnerability Existed: yes CWE-472 - External Control of Assumed-Immutable Web Parameter - admin/modules/forum/management.php [506] [Old Code] if(is_array($mybb->input['permissions'])) [Fixed Code] if(isset($mybb->input['permissions'])) Vulnerability Existed: yes CWE-472 - External Control of Assumed-Immutable Web Parameter - admin/modules/forum/management.php [2499,2504] [Old Code] elseif(is_array($cached_forum_perms) && isset($cached_forum_perms[$forum['fid']][$usergroup['gid']]) && $cached_forum_perms[$forum['fid']][$usergroup['gid']]) [Fixed Code] elseif(isset($forum['fid']) && is_array($cached_forum_perms) && isset($cached_forum_perms[$forum['fid']][$usergroup['gid']]) && $cached_forum_perms[$forum['fid']][$usergroup['gid']]) Vulnerability Existed: yes CWE-472 - External Control of Assumed-Immutable Web Parameter - admin/modules/forum/management.php [2504] [Old Code] else if(is_array($cached_forum_perms) && isset($cached_forum_perms[$forum['pid']][$usergroup['gid']]) && $cached_forum_perms[$forum['pid']][$usergroup['gid']]) [Fixed Code] else if(isset($forum['pid']) && is_array($cached_forum_perms) && isset($cached_forum_perms[$forum['pid']][$usergroup['gid']]) && $cached_forum_perms[$forum['pid']][$usergroup['gid']])
--- cache/mybb_mybb_1837_build/admin/modules/home/preferences.php 2025-11-13 17:30:45.611401570 +0000+++ cache/mybb_mybb_1838/admin/modules/home/preferences.php 2025-11-13 17:30:28.805335312 +0000@@ -133,20 +133,20 @@ $form_container->output_row($lang->acp_theme, $lang->select_acp_theme, $setting_code); $form_container->output_row($lang->acp_language, $lang->select_acp_language, $language_code); $form_container->output_row($lang->codemirror, $lang->use_codemirror_desc, $form->generate_on_off_radio('codepress', $admin_options['codepress']));- + // If 2FA is enabled we need to display a link to the recovery codes page if(!empty($admin_options['authsecret'])) { $lang->use_2fa_desc .= "<br />".$lang->recovery_codes_desc." ".$lang->recovery_codes_warning;- } + } $form_container->output_row($lang->my2fa, $lang->use_2fa_desc, $form->generate_on_off_radio('2fa', (int)!empty($admin_options['authsecret'])));- + if(!empty($admin_options['authsecret'])) {- $qr = $auth->getQRCodeGoogleUrl($mybb->user['username']."@".str_replace(" ", "", $mybb->settings['bbname']), $admin_options['authsecret']);+ $qr = $auth->getQRCodeGoogleUrl($mybb->user['username']."@AdminCP", $admin_options['authsecret'], str_replace(" ", "", $mybb->settings['bbname'])); $form_container->output_row($lang->my2fa_qr . "<br /><img src=\"{$qr}\"");- } - + }+ $form_container->end(); $table = new Table;
Vulnerability Existed: yes
CWE-639 - Authorization Bypass Through User-Controlled Key - admin/modules/home/preferences.php [Lines 144-146]
Old Code:
```php
$qr = $auth->getQRCodeGoogleUrl($mybb->user['username']."@".str_replace(" ", "", $mybb->settings['bbname']), $admin_options['authsecret']);
```
Fixed Code:
```php
$qr = $auth->getQRCodeGoogleUrl($mybb->user['username']."@AdminCP", $admin_options['authsecret'], str_replace(" ", "", $mybb->settings['bbname']));
```
--- cache/mybb_mybb_1837_build/admin/modules/style/themes.php 2025-11-13 17:30:45.613401697 +0000+++ cache/mybb_mybb_1838/admin/modules/style/themes.php 2025-11-13 17:30:28.807335439 +0000@@ -1447,7 +1447,7 @@ $sep = " {$lang->and} "; } - $inherited .= $sep.$file;+ $inherited .= $sep.htmlspecialchars_uni($file); $sep = $lang->comma; ++$count;@@ -1558,7 +1558,7 @@ $popup->add_item($lang->delete_revert, "index.php?module=style-themes&action=delete_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_stylesheet_deletion}')"); } - $table->construct_cell("<strong><a href=\"index.php?module=style-themes&action=edit_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}\">{$filename}</a></strong>{$inherited}<br />{$attached_to}");+ $table->construct_cell("<strong><a href=\"index.php?module=style-themes&action=edit_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}\">".htmlspecialchars_uni($filename)."</a></strong>{$inherited}<br />{$attached_to}"); $table->construct_cell($form->generate_numeric_field("disporder[{$theme_stylesheets[$filename]['sid']}]", $properties['disporder'][$filename], array('style' => 'width: 80%; text-align: center;', 'min' => 0)), array("class" => "align_center")); $table->construct_cell($popup->fetch(), array("class" => "align_center")); $table->construct_row();
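Review bot: In the second hunk, the `file` query parameter of the rewritten `edit_stylesheet` link is HTML-escaped but not URL-encoded. A stylesheet name containing `&`, `#` or `+` would therefore be split or altered when the link is followed. URL-encode first and then escape for the attribute: `"&file=".htmlspecialchars_uni(urlencode($filename))`. The `delete_stylesheet` link in the context lines above is built the same way and would need the same treatment. `{$inherited}` and `{$attached_to}` are interpolated into the cell as-is; the first hunk escapes the file names added to `$inherited`, but how `$attached_to` is built is not visible here.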
Vulnerability Existed: yes
Cross-Site Scripting (XSS) - CWE-79 - admin/modules/style/themes.php [1447, 1558]
[Old Code]
```php
$inherited .= $sep.$file;
```
[Fixed Code]
```php
$inherited .= $sep.htmlspecialchars_uni($file);
```
Vulnerability Existed: yes
Cross-Site Scripting (XSS) - CWE-79 - admin/modules/style/themes.php [1447, 1558]
[Old Code]
```php
$table->construct_cell("<strong><a href=\"index.php?module=style-themes&action=edit_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}\">{$filename}</a></strong>{$inherited}<br />{$attached_to}");
```
[Fixed Code]
```php
$table->construct_cell("<strong><a href=\"index.php?module=style-themes&action=edit_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}\">".htmlspecialchars_uni($filename)."</a></strong>{$inherited}<br />{$attached_to}");
```
--- cache/mybb_mybb_1837_build/admin/modules/tools/adminlog.php 2025-11-13 17:30:45.613401697 +0000
+++ cache/mybb_mybb_1838/admin/modules/tools/adminlog.php 2025-11-13 17:30:28.807335439 +0000
@@ -413,7 +413,7 @@
 }
 break;
 case 'admin_log_forum_management_copy': // Forum copy
- if($logitem['data'][4])
+ if(!empty($logitem['data'][4]))
 {
 $lang_string .= '_with_permissions';
 }
Vulnerability Existed: yes CWE-476: NULL Pointer Dereference - CWE ID 476 - admin/modules/tools/adminlog.php [Lines 413-416] Old Code: ```php if($logitem['data'][4]) ``` Fixed Code: ```php if(!empty($logitem['data'][4])) ```
--- cache/mybb_mybb_1837_build/admin/modules/tools/backupdb.php 2025-11-13 17:30:45.614401761 +0000+++ cache/mybb_mybb_1838/admin/modules/tools/backupdb.php 2025-11-13 17:30:28.807335439 +0000@@ -100,8 +100,9 @@ } $file = basename($mybb->input['file']);+ $ext = get_extension($file); - if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file))+ if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file) || filetype(MYBB_ADMIN_DIR.'backups/'.$file) != 'file' || ($ext != 'gz' && $ext != 'sql')) { flash_message($lang->error_backup_doesnt_exist, 'error'); admin_redirect("index.php?module=tools-backupdb");
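Review bot: The extended condition still reads `$mybb->input['file']` directly in `trim()`, and in `basename()` on the context line above, so an array-valued `file` parameter reaches string functions and raises a TypeError on PHP 8. Read it once with `$file = basename($mybb->get_input('file'));` and test `$file === ''`. The path is also concatenated twice, and the pair `file_exists()` plus `filetype(...) != 'file'` is equivalent to one `!is_file($path)` with `$path = MYBB_ADMIN_DIR.'backups/'.$file;`. The extension test reads more clearly as `!in_array($ext, array('gz', 'sql'), true)`. Whether `get_extension()` lower-cases its result is not visible in this hunk.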
Vulnerability Existed: yes
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - admin/modules/tools/backupdb.php [100-103]
Old Code:
```php
$file = basename($mybb->input['file']);
if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file))
```
Fixed Code:
```php
$file = basename($mybb->input['file']);
$ext = get_extension($file);
if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file) || filetype(MYBB_ADMIN_DIR.'backups/'.$file) != 'file' || ($ext != 'gz' && $ext != 'sql'))
```
--- cache/mybb_mybb_1837_build/admin/modules/user/users.php 2025-11-13 17:30:45.621402205 +0000+++ cache/mybb_mybb_1838/admin/modules/user/users.php 2025-11-13 17:30:28.814335883 +0000@@ -632,7 +632,7 @@ } } // Are we setting a new avatar from a URL?- else if($mybb->input['avatar_url'] && $mybb->input['avatar_url'] != $user['avatar'])+ else if(!empty($mybb->input['avatar_url']) && $mybb->input['avatar_url'] != $user['avatar']) { if(!$mybb->settings['allowremoteavatars']) {@@ -943,7 +943,7 @@ <link rel="stylesheet" href="../jscripts/sceditor/themes/mybb.css" type="text/css" media="all" /> <script type="text/javascript" src="../jscripts/sceditor/jquery.sceditor.bbcode.min.js?ver=1832"></script>- <script type="text/javascript" src="../jscripts/bbcodes_sceditor.js?ver=1832"></script>+ <script type="text/javascript" src="../jscripts/bbcodes_sceditor.js?ver=1837"></script> <script type="text/javascript" src="../jscripts/sceditor/plugins/undo.js?ver=1832"></script> EOF; $page->output_header($lang->edit_user);@@ -1544,7 +1544,10 @@ if($errors) {- $avatar_url = htmlspecialchars_uni($mybb->input['avatar_url']);+ if(isset($mybb->input['avatar_url']))+ {+ $avatar_url = htmlspecialchars_uni($mybb->input['avatar_url']);+ } } if($mybb->settings['maxavatardims'] != "")@@ -1833,7 +1836,7 @@ $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc")); $admin_view = $db->fetch_array($query); - if($mybb->input['type'])+ if(!empty($mybb->input['type'])) { $admin_view['view_type'] = $mybb->input['type']; }@@ -2983,7 +2986,7 @@ $page->output_footer(); break; case 'multiusergroup':- if($mybb->input['processed'] == 1)+ if($mybb->get_input('processed', \MyBB::INPUT_INT) === 1) { // Determine additional usergroups if(is_array($mybb->input['additionalgroups']))@@ -3083,12 +3086,12 @@ $display_group_options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']); } - 
if(!is_array($mybb->input['additionalgroups']))+ if(!$mybb->get_input('additionalgroups', \MyBB::INPUT_ARRAY)) {- $mybb->input['additionalgroups'] = explode(',', $mybb->input['additionalgroups']);+ $mybb->input['additionalgroups'] = explode(',', $mybb->get_input('additionalgroups')); } - $form_container->output_row($lang->primary_user_group, "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');+ $form_container->output_row($lang->primary_user_group, "", $form->generate_select_box('usergroup', $options, $mybb->get_input('usergroup'), array('id' => 'usergroup')), 'usergroup'); $form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups'); $form_container->output_row($lang->display_user_group, "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup'); @@ -3864,7 +3867,7 @@ } $built_view .= '-<script type="text/javascript" src="'.$mybb->settings['bburl'].'/jscripts/inline_moderation.js?ver=1821"></script>+<script type="text/javascript" src="'.$mybb->settings['bburl'].'/jscripts/inline_moderation.js?ver=1838"></script> <form action="index.php?module=user-users" method="post"> <input type="hidden" name="my_post_key" value="'.$mybb->post_code.'" /> <input type="hidden" name="action" value="inline_edit" />
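Review bot: In the `@@ -3083,12 +3086,12 @@` hunk, when no array is submitted the fallback `explode(',', $mybb->get_input('additionalgroups'))` turns an empty string into `array('')`. The select box then receives a list holding one empty value instead of an empty list. Filtering the result avoids that: `array_filter(explode(',', $mybb->get_input('additionalgroups')), 'strlen')`. The `displaygroup` row in the context below still reads `$mybb->input['displaygroup']` directly, while `usergroup` moved to `get_input()`; reading both the same way would keep the form consistent and avoid an undefined-index notice.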
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - admin/modules/user/users.php [1833]
Old Code:
```php
if($mybb->input['type'])
```
Fixed Code:
```php
if(!empty($mybb->input['type']))
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - admin/modules/user/users.php [2983]
Old Code:
```php
if($mybb->input['processed'] == 1)
```
Fixed Code:
```php
if($mybb->get_input('processed', \MyBB::INPUT_INT) === 1)
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - admin/modules/user/users.php [3083]
Old Code:
```php
if(!is_array($mybb->input['additionalgroups']))
{
$mybb->input['additionalgroups'] = explode(',', $mybb->input['additionalgroups']);
}
```
Fixed Code:
```php
if(!$mybb->get_input('additionalgroups', \MyBB::INPUT_ARRAY))
{
$mybb->input['additionalgroups'] = explode(',', $mybb->get_input('additionalgroups'));
}
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - admin/modules/user/users.php [3086]
Old Code:
```php
$form_container->output_row($lang->primary_user_group, "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
```
Fixed Code:
```php
$form_container->output_row($lang->primary_user_group, "", $form->generate_select_box('usergroup', $options, $mybb->get_input('usergroup'), array('id' => 'usergroup')), 'usergroup');
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - admin/modules/user/users.php [632]
Old Code:
```php
else if($mybb->input['avatar_url'] && $mybb->input['avatar_url'] != $user['avatar'])
```
Fixed Code:
```php
else if(!empty($mybb->input['avatar_url']) && $mybb->input['avatar_url'] != $user['avatar'])
```
Vulnerability Existed: yes
CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) - CWE-79 - admin/modules/user/users.php [1544]
Old Code:
```php
$avatar_url = htmlspecialchars_uni($mybb->input['avatar_url']);
```
Fixed Code:
```php
if(isset($mybb->input['avatar_url']))
{
$avatar_url = htmlspecialchars_uni($mybb->input['avatar_url']);
}
```
--- cache/mybb_mybb_1837_build/forumdisplay.php 2025-11-13 17:30:45.628402649 +0000+++ cache/mybb_mybb_1838/forumdisplay.php 2025-11-13 17:30:28.820336263 +0000@@ -307,7 +307,7 @@ { $doneusers[$user['uid']] = $user['time']; ++$membercount;- if($user['invisible'] == 1 && $mybb->usergroup['canbeinvisible'] == 1)+ if($user['invisible'] == 1) { $invisiblemark = "*"; ++$inviscount;@@ -1514,8 +1514,6 @@ eval("\$addremovesubscription = \"".$templates->get("forumdisplay_threadlist_subscription")."\";"); } -$inline_edit_js = $clearstoredpass = '';- // Is this a real forum with threads? if($foruminfo['type'] != "c") {
Vulnerability Existed: yes CWE-639 - Authorization Bypass Through User-Controlled Key - forumdisplay.php [307] [Old Code] ```php if($user['invisible'] == 1 && $mybb->usergroup['canbeinvisible'] == 1) ``` [Fixed Code] ```php if($user['invisible'] == 1) ```
--- cache/mybb_mybb_1837_build/inc/3rdparty/2fa/GoogleAuthenticator.php 2025-11-13 17:30:45.641403474 +0000+++ cache/mybb_mybb_1838/inc/3rdparty/2fa/GoogleAuthenticator.php 2025-11-13 17:30:28.833337088 +0000@@ -109,7 +109,7 @@ $urlencoded .= urlencode('&issuer='.urlencode($title)); } - return 'https://chart.googleapis.com/chart?chs='.$width.'x'.$height.'&chld='.$level.'|0&cht=qr&chl='.$urlencoded.''; + return 'https://api.qrserver.com/v1/create-qr-code/?data='.$urlencoded.'&size='.$width.'x'.$height.'&ecc='.$level; } /**
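Review bot: The returned URL still embeds the otpauth data, including the 2FA secret, in a request to an external host, now `api.qrserver.com`. admin/modules/home/preferences.php uses it as an `<img src>`, so each administrator's browser sends the secret to that third party. The commit changes which service receives it but not the exposure. Rendering the QR code locally (server-side or with a bundled script) would keep the secret on the site; failing that, the method's docblock should state that the secret leaves the installation. `$width`, `$height` and `$level` are concatenated into the query string unencoded; `(int)` casts on the dimensions and `urlencode($level)` would make that robust. The method starts outside the hunk.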
Vulnerability Existed: yes CWE-918: Server-Side Request Forgery (SSRF) - CWE-918 - inc/3rdparty/2fa/GoogleAuthenticator.php [109] Old Code: `return 'https://chart.googleapis.com/chart?chs='.$width.'x'.$height.'&chld='.$level.'|0&cht=qr&chl='.$urlencoded.'';` Fixed Code: `return 'https://api.qrserver.com/v1/create-qr-code/?data='.$urlencoded.'&size='.$width.'x'.$height.'&ecc='.$level;`
--- cache/mybb_mybb_1837_build/inc/3rdparty/diff/Diff/Engine/Native.php 2025-11-13 17:30:45.641403474 +0000+++ cache/mybb_mybb_1838/inc/3rdparty/diff/Diff/Engine/Native.php 2025-11-13 17:30:28.834337152 +0000@@ -33,6 +33,7 @@ die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined."); } +#[AllowDynamicProperties] class Horde_Text_Diff_Engine_Native { public function diff($from_lines, $to_lines)
Vulnerability Existed: not sure CWE-Unknown - Unknown - inc/3rdparty/diff/Diff/Engine/Native.php [Lines: 36] [Old Code] ```php class Horde_Text_Diff_Engine_Native ``` [Fixed Code] ```php #[AllowDynamicProperties] class Horde_Text_Diff_Engine_Native ``` **Analysis:** The change adds the `#[AllowDynamicProperties]` attribute to the class. This is related to PHP 8.2+ compatibility where dynamic property creation is deprecated. While not a traditional security vulnerability, it could potentially lead to unexpected behavior if dynamic properties are used improperly. However, without more context about how this class is used, it's unclear if this change fixes a security issue or just prevents deprecation warnings.
--- cache/mybb_mybb_1837_build/inc/class_core.php 2025-11-13 17:30:45.653404235 +0000+++ cache/mybb_mybb_1838/inc/class_core.php 2025-11-13 17:30:28.847337976 +0000@@ -14,14 +14,14 @@ * * @var string */- public $version = "1.8.37";+ public $version = "1.8.38"; /** * The version code of MyBB we're running. * * @var integer */- public $version_code = 1837;+ public $version_code = 1838; /** * The current working directory.
Vulnerability Existed: not sure [CWE ID not identified] - [CWE ID not applicable] - inc/class_core.php [14,21] [Old Code] ```php public $version = "1.8.37"; public $version_code = 1837; ``` [Fixed Code] ```php public $version = "1.8.38"; public $version_code = 1838; ```
--- cache/mybb_mybb_1837_build/inc/class_error.php 2025-11-13 17:30:45.654404299 +0000+++ cache/mybb_mybb_1838/inc/class_error.php 2025-11-13 17:30:28.849338103 +0000@@ -178,7 +178,14 @@ return true; } - $file = str_replace(MYBB_ROOT, "", $file);+ if(isset($file))+ {+ $file = str_replace(MYBB_ROOT, "", $file);+ }+ else+ {+ $file = "";+ } if($type == MYBB_SQL || strpos(strtolower($this->error_types[$type]), 'warning') === false) {@@ -385,7 +392,11 @@ $error_data .= $back_trace; $error_data .= "</error>\n\n"; - if(isset($mybb->settings['errorloglocation']) && trim($mybb->settings['errorloglocation']) != "")+ if(+ isset($mybb->settings['errorloglocation']) &&+ trim($mybb->settings['errorloglocation']) != "" &&+ substr($mybb->settings['errorloglocation'], -4) !== '.php'+ ) { @error_log($error_data, 3, $mybb->settings['errorloglocation']); }
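Review bot: In the second hunk, the runtime guard before `error_log()` rejects only a `.php` suffix and omits the `://` test that the settings form applies in admin/modules/config/settings.php. A value saved before the upgrade or written straight to the settings table can therefore still hand a stream-wrapper path to `error_log()`. Adding `strpos($mybb->settings['errorloglocation'], '://') === false &&` to the condition would make the two checks agree; sharing one helper between both call sites would stop them drifting apart. The `@` on `error_log()` in the context line also hides a failed write, so a misconfigured log path goes unnoticed.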
Vulnerability Existed: yes
CWE-73 - External Control of File Name or Path - inc/class_error.php [385-392]
Old Code:
```php
if(isset($mybb->settings['errorloglocation']) && trim($mybb->settings['errorloglocation']) != "")
{
@error_log($error_data, 3, $mybb->settings['errorloglocation']);
}
```
Fixed Code:
```php
if(
isset($mybb->settings['errorloglocation']) &&
trim($mybb->settings['errorloglocation']) != "" &&
substr($mybb->settings['errorloglocation'], -4) !== '.php'
)
{
@error_log($error_data, 3, $mybb->settings['errorloglocation']);
}
```
Vulnerability Existed: yes
CWE-829 - Inclusion of Functionality from Untrusted Control Sphere - inc/class_error.php [178]
Old Code:
```php
$file = str_replace(MYBB_ROOT, "", $file);
```
Fixed Code:
```php
if(isset($file))
{
$file = str_replace(MYBB_ROOT, "", $file);
}
else
{
$file = "";
}
```
--- cache/mybb_mybb_1837_build/inc/class_moderation.php 2025-11-13 17:30:45.656404426 +0000+++ cache/mybb_mybb_1838/inc/class_moderation.php 2025-11-13 17:30:28.851338230 +0000@@ -1595,6 +1595,9 @@ update_first_post($thread['tid']); } + // Attach moved posts to the first post+ $db->update_query("posts", array('replyto' => $new_firstpost['pid']), "tid='{$tid}' AND replyto = 0 AND pid != '{$new_firstpost['pid']}'");+ // Update thread count if thread has a new firstpost and is visible if($thread['uid'] != $new_firstpost['uid'] && $thread['visible'] == 1 && $forum_cache[$thread['fid']]['usethreadcounts'] == 1) {@@ -2131,6 +2134,9 @@ } } + // Attach moved posts to the first post+ $db->update_query("posts", array('replyto' => $post_info['pid']), "tid='{$newtid}' AND replyto = 0 AND pid != '{$post_info['pid']}'");+ if($destination_tid == 0 && $newthread['visible'] == 1) { // If splitting into a new thread, subtract one from the thread's reply count to compensate for the original post
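Review bot: Both added `update_query()` calls interpolate `$tid` / `$newtid` and the first-post `pid` into the WHERE string without a visible cast. Where these values are assigned is outside both hunks; they presumably come from database rows or already-cast input, but the query should not depend on that. Casting at the point of use costs nothing: `$first_pid = (int)$new_firstpost['pid'];` then `"tid='".(int)$tid."' AND replyto = 0 AND pid != '{$first_pid}'"`, and likewise for `$newtid` and `$post_info['pid']` in the second hunk.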
Vulnerability Existed: not sure
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - inc/class_moderation.php [1598, 2137]
[Old Code]
$db->update_query("posts", array('replyto' => $new_firstpost['pid']), "tid='{$tid}' AND replyto = 0 AND pid != '{$new_firstpost['pid']}'");
[Fixed Code]
The code appears to be using variables directly in SQL queries without parameterization, which could potentially allow SQL injection if the variables are not properly sanitized. However, without knowing the full context of variable validation, this is uncertain.
--- cache/mybb_mybb_1837_build/inc/class_session.php 2025-11-13 17:30:45.659404616 +0000+++ cache/mybb_mybb_1838/inc/class_session.php 2025-11-13 17:30:28.853338357 +0000@@ -357,6 +357,8 @@ $mybb->user['moderateposts'] = 0; $mybb->user['showquickreply'] = 1; $mybb->user['signature'] = '';+ $mybb->user['sourceeditor'] = 0;+ $mybb->user['subscriptionmethod'] = 0; $mybb->user['suspendposting'] = 0; // Has this user visited before? Lastvisit need updating?@@ -371,7 +373,7 @@ { $mybb->user['lastactive'] = (int)$mybb->cookies['mybb']['lastactive']; }- if($time - $mybb->cookies['mybb']['lastactive'] > 900)+ if($time - (int)$mybb->cookies['mybb']['lastactive'] > 900) { my_setcookie("mybb[lastvisit]", $mybb->user['lastactive']); $mybb->user['lastvisit'] = $mybb->user['lastactive'];
Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - inc/class_session.php [Line 373] Old Code: ```php if($time - $mybb->cookies['mybb']['lastactive'] > 900) ``` Fixed Code: ```php if($time - (int)$mybb->cookies['mybb']['lastactive'] > 900) ```
--- cache/mybb_mybb_1837_build/inc/class_templates.php 2025-11-13 17:30:45.659404616 +0000+++ cache/mybb_mybb_1838/inc/class_templates.php 2025-11-13 17:30:28.853338357 +0000@@ -95,16 +95,16 @@ $this->uncached_templates[$title] = $title; } - if(!$gettemplate)+ if(empty($gettemplate)) {- $gettemplate['template'] = "";+ $gettemplate = array('template' => ''); } $this->cache[$title] = $gettemplate['template']; } $template = $this->cache[$title]; - if($htmlcomments)+ if($htmlcomments && $template !== false) { if($mybb->settings['tplhtmlcomments'] == 1) {
Vulnerability Existed: yes
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) - CWE-89 - inc/class_templates.php [95-97]
[Old Code]
```php
if(!$gettemplate)
{
$gettemplate['template'] = "";
}
```
[Fixed Code]
```php
if(empty($gettemplate))
{
$gettemplate = array('template' => '');
}
```
Vulnerability Existed: yes
CWE-754 (Improper Check for Unusual or Exceptional Conditions) - CWE-754 - inc/class_templates.php [104]
[Old Code]
```php
if($htmlcomments)
```
[Fixed Code]
```php
if($htmlcomments && $template !== false)
```
--- cache/mybb_mybb_1837_build/inc/datahandlers/pm.php 2025-11-13 17:30:45.660404680 +0000+++ cache/mybb_mybb_1838/inc/datahandlers/pm.php 2025-11-13 17:30:28.855338484 +0000@@ -129,6 +129,16 @@ return true; } + if($pm['fromid'] <= 0)+ {+ $pm['sender'] = array(+ "uid" => 0,+ "username" => ''+ );++ return true;+ }+ // Fetch the senders profile data. $sender = get_user($pm['fromid']); 
@@ -284,12 +294,15 @@ return false; } - $sender_permissions = user_permissions($pm['fromid']);-- // Are we trying to send this message to more users than the permissions allow?- if($sender_permissions['maxpmrecipients'] > 0 && count($recipients) > $sender_permissions['maxpmrecipients'] && $this->admin_override != true)+ if($pm['fromid'] > 0) {- $this->set_error("too_many_recipients", array($sender_permissions['maxpmrecipients']));+ $sender_permissions = user_permissions($pm['fromid']);++ // Are we trying to send this message to more users than the permissions allow?+ if($sender_permissions['maxpmrecipients'] > 0 && count($recipients) > $sender_permissions['maxpmrecipients'] && $this->admin_override != true)+ {+ $this->set_error("too_many_recipients", array($sender_permissions['maxpmrecipients']));+ } } // Now we're done with that we loop through each recipient@@ -302,7 +315,7 @@ // See if the sender is on the recipients ignore list and that either // - admin_override is set or // - sender is an administrator- if($this->admin_override != true && $sender_permissions['canoverridepm'] != 1)+ if($this->admin_override != true && empty($sender_permissions['canoverridepm'])) { if(!empty($user['ignorelist']) && strpos(','.$user['ignorelist'].',', ','.$pm['fromid'].',') !== false) {@@ -324,7 +337,7 @@ } // Check to see if the user has reached their private message quota - if they have, email them.- if($recipient_permissions['pmquota'] != 0 && $user['totalpms'] >= $recipient_permissions['pmquota'] && $sender_permissions['cancp'] != 1 && empty($pm['saveasdraft']) && !$this->admin_override)+ if($recipient_permissions['pmquota'] != 0 && $user['totalpms'] >= $recipient_permissions['pmquota'] && empty($sender_permissions['cancp']) && empty($pm['saveasdraft']) && !$this->admin_override) { if(trim($user['language']) != '' && $lang->language_exists($user['language'])) {@@ -404,7 +417,7 @@ $pm = &$this->data; // Check if post flooding is enabled within MyBB or if the admin override 
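Review bot: In the `@@ -284,12 +294,15 @@` hunk, `$sender_permissions` is now assigned only when `$pm['fromid'] > 0`, yet the following hunks still read `$sender_permissions['canoverridepm']` and `$sender_permissions['cancp']` for every message. The `empty()` wrappers keep this quiet, but the variable is simply undefined for system messages, which is easy to break in a later edit. Initialising it before the condition, `$sender_permissions = array();`, makes the no-sender case explicit. The comparisons `$this->admin_override != true` on the new lines are loose; `!$this->admin_override`, as the quota line already uses, would be consistent. The method starts and ends outside the hunk.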
option is specified.- if($mybb->settings['pmfloodsecs'] > 0 && $pm['fromid'] != 0 && $this->admin_override == false && !is_moderator(0, '', $pm['fromid']))+ if($mybb->settings['pmfloodsecs'] > 0 && $pm['fromid'] > 0 && $this->admin_override == false && !is_moderator(0, '', $pm['fromid'])) { // Fetch the senders profile data. $sender = get_user($pm['fromid']);
Vulnerability Existed: yes
CWE-285: Improper Authorization - CWE-285 - inc/datahandlers/pm.php [284-294]
[Old Code]
```php
$sender_permissions = user_permissions($pm['fromid']);
// Are we trying to send this message to more users than the permissions allow?
if($sender_permissions['maxpmrecipients'] > 0 && count($recipients) > $sender_permissions['maxpmrecipients'] && $this->admin_override != true)
{
$this->set_error("too_many_recipients", array($sender_permissions['maxpmrecipients']));
}
```
[Fixed Code]
```php
if($pm['fromid'] > 0)
{
$sender_permissions = user_permissions($pm['fromid']);
// Are we trying to send this message to more users than the permissions allow?
if($sender_permissions['maxpmrecipients'] > 0 && count($recipients) > $sender_permissions['maxpmrecipients'] && $this->admin_override != true)
{
$this->set_error("too_many_recipients", array($sender_permissions['maxpmrecipients']));
}
}
```
Vulnerability Existed: yes
CWE-285: Improper Authorization - CWE-285 - inc/datahandlers/pm.php [302]
[Old Code]
```php
if($this->admin_override != true && $sender_permissions['canoverridepm'] != 1)
```
[Fixed Code]
```php
if($this->admin_override != true && empty($sender_permissions['canoverridepm']))
```
Vulnerability Existed: yes
CWE-285: Improper Authorization - CWE-285 - inc/datahandlers/pm.php [324]
[Old Code]
```php
if($recipient_permissions['pmquota'] != 0 && $user['totalpms'] >= $recipient_permissions['pmquota'] && $sender_permissions['cancp'] != 1 && empty($pm['saveasdraft']) && !$this->admin_override)
```
[Fixed Code]
```php
if($recipient_permissions['pmquota'] != 0 && $user['totalpms'] >= $recipient_permissions['pmquota'] && empty($sender_permissions['cancp']) && empty($pm['saveasdraft']) && !$this->admin_override)
```
Vulnerability Existed: yes
CWE-285: Improper Authorization - CWE-285 - inc/datahandlers/pm.php [404]
[Old Code]
```php
if($mybb->settings['pmfloodsecs'] > 0 && $pm['fromid'] != 0 && $this->admin_override == false && !is_moderator(0, '', $pm['fromid']))
```
[Fixed Code]
```php
if($mybb->settings['pmfloodsecs'] > 0 && $pm['fromid'] > 0 && $this->admin_override == false && !is_moderator(0, '', $pm['fromid']))
```
Vulnerability Existed: yes
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - CWE-200 - inc/datahandlers/pm.php [129-136]
[Old Code]
```php
// No code existed here previously
```
[Fixed Code]
```php
if($pm['fromid'] <= 0)
{
$pm['sender'] = array(
"uid" => 0,
"username" => ''
);
return true;
}
```
--- cache/mybb_mybb_1837_build/inc/datahandlers/post.php 2025-11-13 17:30:45.661404743 +0000
+++ cache/mybb_mybb_1838/inc/datahandlers/post.php 2025-11-13 17:30:28.856338547 +0000
@@ -1803,7 +1803,7 @@
 }
 // Assign any uploaded attachments with the specific posthash to the newly created post.
- if($thread['posthash'])
+ if(!empty($thread['posthash']))
 {
 $thread['posthash'] = $db->escape_string($thread['posthash']);
 $attachmentassign = array(
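Review bot: The escaped value is written back into `$thread['posthash']`, so any later read of that key in this method sees the SQL-escaped form instead of the original value. A local variable keeps the two apart, e.g. `$posthash = $db->escape_string($thread['posthash']);`, with the query built from `$posthash`. Escaping only protects the query if the value is placed inside quotes there. The `$attachmentassign` array and the query are outside the hunk, so neither the quoting nor a later read of the key can be confirmed from here.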
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - inc/datahandlers/post.php Lines 1806-1806
[Old Code]
$thread['posthash'] = $db->escape_string($thread['posthash']);
[Fixed Code]
$thread['posthash'] = $db->escape_string($thread['posthash']);
Vulnerability Existed: yes
CWE-20: Improper Input Validation - inc/datahandlers/post.php Lines 1803-1803
[Old Code]
if($thread['posthash'])
[Fixed Code]
if(!empty($thread['posthash']))
Note: While the SQL injection vulnerability still exists in the code (as the escape_string function is still being used), the main security improvement is the addition of proper input validation using `empty()` to check if `posthash` exists and is not empty before using it. This prevents potential issues when `posthash` might be null or empty. The escape_string function shown in the context uses PDO's quote method, which provides some SQL injection protection, but parameterized queries would be more secure.
--- cache/mybb_mybb_1837_build/inc/functions.php 2025-11-13 17:30:45.666405061 +0000
+++ cache/mybb_mybb_1838/inc/functions.php 2025-11-13 17:30:28.866339182 +0000
@@ -1694,7 +1694,14 @@
 {
 global $groupscache, $forum_cache, $fpermcache, $mybb, $fpermfields;
 
- $groups = explode(",", $gid);
+ if(isset($gid))
+ {
+ $groups = explode(",", $gid);
+ }
+ else
+ {
+ $groups = array();
+ }
 $current_permissions = array();
 $only_view_own_threads = 1;
@@ -2727,6 +2734,12 @@
 {
 // sys_getloadavg() will return an array with [0] being load within the last minute.
 $serverload = sys_getloadavg();
+
+ if(!is_array($serverload))
+ {
+ return $lang->unknown;
+ }
+
 $serverload[0] = round($serverload[0], 4);
 }
 else if(@file_exists("/proc/loadavg") && $load = @file_get_contents("/proc/loadavg"))
@@ -5736,7 +5749,14 @@
 }
 else
 {
- $parts = explode('.', $number);
+ if(isset($number))
+ {
+ $parts = explode('.', $number);
+ }
+ else
+ {
+ $parts = array();
+ }
 if(isset($parts[1]))
 {
@@ -6123,7 +6143,7 @@
 $string = preg_replace("#&\#([0-9]+);#", "-", $string);
 
- if(strtolower($lang->settings['charset']) == "utf-8")
+ if(isset($lang->settings['charset']) && strtolower($lang->settings['charset']) == "utf-8")
 {
 // Get rid of any excess RTL and LTR override for they are the workings of the devil
 $string = str_replace(dec_to_utf8(8238), "", $string);
@@ -7539,6 +7559,11 @@
 );
 }
 
+ if(defined('CURLOPT_DISALLOW_USERNAME_IN_URL'))
+ {
+ $curlopt[CURLOPT_DISALLOW_USERNAME_IN_URL] = true;
+ }
+
 if(!empty($post_body))
 {
 $curlopt[CURLOPT_POST] = 1;
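Review bot: The `isset($gid)` guard in the hunk at -1694 has no comment saying why a null `$gid` is expected, and its fallback yields an empty `$groups`, which differs from the one-element array `explode()` returns for an empty string. A comment such as `// $gid may be null when the caller has no group list; explode() must not be given null` would record the intent. The function appears to compute forum permissions (`$fpermcache`, `$current_permissions`), so it is worth confirming that the code after the hunk leaves the result in a deny state when `$groups` is empty; that code is not visible here. The same guard is repeated for `$number` in the hunk at -5736.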
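Review bot: With the added `isset()` in the hunk at -6123, the stripping of RTL/LTR override characters inside this branch is skipped whenever `$lang->settings['charset']` is not set, so the sanitising step fails open in that case. If an unset charset should be treated as UTF-8, the condition could read `if(!isset($lang->settings['charset']) || strtolower($lang->settings['charset']) == "utf-8")`. Otherwise a comment stating that unknown charsets deliberately bypass the stripping would make the choice explicit. The function starts and ends outside the hunk, so whether the setting can be unset in practice cannot be confirmed from here.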
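Review bot: In the hunk at -7539 the option is applied only when `CURLOPT_DISALLOW_USERNAME_IN_URL` is defined, so on PHP or libcurl builds without the constant a URL carrying userinfo is still handed to cURL unchanged. A check that does not depend on the cURL build would close that gap, for example refusing the request when `parse_url($url, PHP_URL_USER) !== null`; the variable holding the URL is outside the hunk, so `$url` is a placeholder name. At minimum a comment such as `// Not available on older PHP/libcurl builds; userinfo must then be rejected during URL validation` belongs above the `defined()` check. The function starts and ends outside the hunk.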
Vulnerability Existed: yes
CWE-476: NULL Pointer Dereference - CWE ID 476 - inc/functions.php [1694]
Old Code:
```php
$groups = explode(",", $gid);
```
Fixed Code:
```php
if(isset($gid))
{
$groups = explode(",", $gid);
}
else
{
$groups = array();
}
```
Vulnerability Existed: yes
CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE ID 754 - inc/functions.php [2727]
Old Code:
```php
$serverload = sys_getloadavg();
$serverload[0] = round($serverload[0], 4);
```
Fixed Code:
```php
$serverload = sys_getloadavg();
if(!is_array($serverload))
{
return $lang->unknown;
}
$serverload[0] = round($serverload[0], 4);
```
Vulnerability Existed: yes
CWE-476: NULL Pointer Dereference - CWE ID 476 - inc/functions.php [5736]
Old Code:
```php
$parts = explode('.', $number);
```
Fixed Code:
```php
if(isset($number))
{
$parts = explode('.', $number);
}
else
{
$parts = array();
}
```
Vulnerability Existed: yes
CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE ID 754 - inc/functions.php [6123]
Old Code:
```php
if(strtolower($lang->settings['charset']) == "utf-8")
```
Fixed Code:
```php
if(isset($lang->settings['charset']) && strtolower($lang->settings['charset']) == "utf-8")
```
Vulnerability Existed: yes
CWE-918: Server-Side Request Forgery (SSRF) - CWE ID 918 - inc/functions.php [7539]
Old Code:
```php
}
```
Fixed Code:
```php
}
if(defined('CURLOPT_DISALLOW_USERNAME_IN_URL'))
{
$curlopt[CURLOPT_DISALLOW_USERNAME_IN_URL] = true;
}
```
--- cache/mybb_mybb_1837_build/inc/functions_online.php 2025-11-13 17:30:45.667405124 +0000
+++ cache/mybb_mybb_1838/inc/functions_online.php 2025-11-13 17:30:28.869339372 +0000
@@ -1144,7 +1144,7 @@
 if($user['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $user['uid'] == $mybb->user['uid'])
 {
 // Append an invisible mark if the user is invisible
- if($user['invisible'] == 1 && $mybb->usergroup['canbeinvisible'] == 1)
+ if($user['invisible'] == 1)
 {
 $invisible_mark = "*";
 }
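Review bot: After this change the invisible mark depends only on the stored `$user['invisible']` flag, and nothing in the hunk checks that the listed user's own group still permits invisibility. The removed test read `$mybb->usergroup['canbeinvisible']`, which appears to be the viewer's group, not the listed user's, so dropping it looks correct. A user whose group has since lost that permission would still keep the flag unless it is cleared elsewhere. A comment such as `// canbeinvisible is enforced when the flag is saved, not at display time` would record where the permission is applied, if that is the case. The two hunks in index.php (-116 and -124) make the same change.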
Vulnerability Existed: yes
CWE-639: Authorization Bypass Through User-Controlled Key - inc/functions_online.php Lines 1147
Old Code:
```php
if($user['invisible'] == 1 && $mybb->usergroup['canbeinvisible'] == 1)
```
Fixed Code:
```php
if($user['invisible'] == 1)
```
--- cache/mybb_mybb_1837_build/inc/languages/english.php 2025-11-13 17:30:45.668405187 +0000+++ cache/mybb_mybb_1838/inc/languages/english.php 2025-11-13 17:30:28.874339689 +0000@@ -27,7 +27,7 @@ //$langinfo['additional_name'] = " "; // Compatible version of MyBB-$langinfo['version'] = "1837";+$langinfo['version'] = "1838"; // Sets if the translation includes the Admin CP (1 = yes, 0 = no) $langinfo['admin'] = 1;
Vulnerability Existed: no No vulnerability found - N/A - inc/languages/english.php 27-30 $langinfo['version'] = "1837"; $langinfo['version'] = "1838";
--- cache/mybb_mybb_1837_build/inc/languages/english/admin/global.lang.php 2025-11-13 17:30:45.670405314 +0000
+++ cache/mybb_mybb_1838/inc/languages/english/admin/global.lang.php 2025-11-13 17:30:28.879340006 +0000
@@ -52,6 +52,7 @@
 $l['error_invalid_ip'] = "Your IP address is not valid for this session.";
 $l['error_mybb_admin_lockedout'] = "This account has been locked out.";
 $l['error_mybb_admin_lockedout_message'] = "Your account is currently locked out after failing to login {1} times. You have been sent an email with instructions on how to unlock your account.";
+$l['error_mybb_not_admin_account'] = "You do not have permission to access the administration control panel.";
 $l['error_invalid_username'] = "The username you entered is invalid.";
 $l['error_invalid_uid'] = "The user id you entered is invalid.";
Vulnerability Existed: yes
CWE-862: Missing Authorization - CWE-862 - inc/languages/english/admin/global.lang.php [Lines 52-55]
Old Code:
```php
$l['error_mybb_admin_lockedout_message'] = "Your account is currently locked out after failing to login {1} times. You have been sent an email with instructions on how to unlock your account.";
```
Fixed Code:
```php
$l['error_mybb_admin_lockedout_message'] = "Your account is currently locked out after failing to login {1} times. You have been sent an email with instructions on how to unlock your account.";
$l['error_mybb_not_admin_account'] = "You do not have permission to access the administration control panel.";
```
**Note:** While this is a language file change, the addition of the new error message `error_mybb_not_admin_account` suggests the implementation of improved authorization checks in the codebase. The vulnerability being addressed is likely insufficient authorization validation where non-admin users might access admin functionality, which would be classified under CWE-862: Missing Authorization.
--- cache/mybb_mybb_1837_build/inc/languages/english/forumdisplay.lang.php 2025-11-13 17:30:45.674405568 +0000
+++ cache/mybb_mybb_1838/inc/languages/english/forumdisplay.lang.php 2025-11-13 17:30:28.887340514 +0000
@@ -95,8 +95,8 @@
 $l['select_all'] = "Select all <strong>{1}</strong> threads in this forum.";
 $l['clear_selection'] = "Clear Selection.";
 $l['deleted_thread'] = "Deleted Thread";
-
+$l['select_a_tool'] = "Select A Tool";
 $l['error_containsnoforums'] = "Sorry, but the forum you are currently viewing does not contain any child forums.";
-
-$l['inline_edit_description'] = '(Click and hold to edit)';
-
+$l['inline_no_tool_selected'] = "Please select a tool to perform moderation action.";
+$l['inline_no_post_selected'] = "You need to select one or more posts to perform the moderation action on.";
+$l['inline_edit_description'] = '(Click and hold to edit)';
\ No newline at end of file
Vulnerability Existed: not sure CWE-Unknown - Unknown - inc/languages/english/forumdisplay.lang.php 95-103 [Old Code] $l['deleted_thread'] = "Deleted Thread"; $l['error_containsnoforums'] = "Sorry, but the forum you are currently viewing does not contain any child forums."; $l['inline_edit_description'] = '(Click and hold to edit)'; [Fixed Code] $l['deleted_thread'] = "Deleted Thread"; $l['select_a_tool'] = "Select A Tool"; $l['error_containsnoforums'] = "Sorry, but the forum you are currently viewing does not contain any child forums."; $l['inline_no_tool_selected'] = "Please select a tool to perform moderation action."; $l['inline_no_post_selected'] = "You need to select one or more posts to perform the moderation action on."; $l['inline_edit_description'] = '(Click and hold to edit)';
--- cache/mybb_mybb_1837_build/inc/languages/english/moderation.lang.php 2025-11-13 17:30:45.675405632 +0000
+++ cache/mybb_mybb_1838/inc/languages/english/moderation.lang.php 2025-11-13 17:30:28.890340704 +0000
@@ -159,7 +159,7 @@
 $l['purgespammer_modlog'] = "Purged Spammer";
 $l['error_invalidpm'] = "Invalid PM";
-$l['error_nomergeposts'] = "You need to select one or more posts to be able to merge posts together.";
+$l['error_nomergeposts'] = "You need to select at least two or more posts to be able to merge posts together.";
 $l['error_cantsplitonepost'] = "You cannot split a thread that contains only one post.";
 $l['error_badmergeurl'] = "The URL for the thread to be merged seems to be invalid or empty. Please copy the exact URL into the textbox.<br />Please go back and try again.";
 $l['error_badmovepostsurl'] = "The URL for the thread to move to seems to be invalid or empty. Please copy the exact URL into the textbox.<br />Please go back and try again.";
Vulnerability Existed: not sure CWE-20: Improper Input Validation - inc/languages/english/moderation.lang.php Lines 159 Old Code: `$l['error_nomergeposts'] = "You need to select one or more posts to be able to merge posts together.";` Fixed Code: `$l['error_nomergeposts'] = "You need to select at least two or more posts to be able to merge posts together.";`
--- cache/mybb_mybb_1837_build/inc/languages/english/showthread.lang.php 2025-11-13 17:30:45.676405695 +0000
+++ cache/mybb_mybb_1838/inc/languages/english/showthread.lang.php 2025-11-13 17:30:28.892340831 +0000
@@ -6,8 +6,10 @@
 */
 $l['delete_poll'] = "Delete Poll";
+$l['open_thread'] = "Open Thread";
 $l['close_thread'] = "Close Thread";
 $l['stick_thread'] = "Stick Thread";
+$l['unstick_thread'] = "Unstick Thread";
 $l['author'] = "Author";
 $l['message'] = "Message";
@@ -21,9 +23,9 @@
 $l['unsubscribe_thread'] = "Unsubscribe from this thread";
 $l['add_poll_to_thread'] = "Add Poll to this thread";
 $l['moderation_options'] = "Moderation Options:";
+$l['select_a_tool'] = "Select A Tool";
 $l['delayed_moderation'] = "Delayed Moderation";
 $l['thread_notes'] = "Edit / View Thread Notes";
-$l['open_close_thread'] = "Open / Close Thread";
 $l['approve_thread'] = "Approve Thread";
 $l['unapprove_thread'] = "Unapprove Thread";
 $l['soft_delete_thread'] = "Soft Delete Thread";
@@ -31,7 +33,6 @@
 $l['delete_thread'] = "Delete Thread Permanently";
 $l['delete_posts'] = "Delete Selective Posts";
 $l['move_thread'] = "Move / Copy Thread";
-$l['stick_unstick_thread'] = "Stick / Unstick Thread";
 $l['split_thread'] = "Split Thread";
 $l['merge_threads'] = "Merge Threads";
 $l['remove_redirects'] = "Remove Redirects";
@@ -82,6 +83,8 @@
 $l['inline_approve_posts'] = "Approve Posts";
 $l['inline_unapprove_posts'] = "Unapprove Posts";
 $l['inline_post_moderation'] = "Inline Post Moderation:";
+$l['inline_no_tool_selected'] = "Please select a tool to perform moderation action.";
+$l['inline_no_post_selected'] = "You need to select one or more posts to perform the moderation action on.";
 $l['inline_go'] = "Go";
 $l['clear'] = "Clear";
 $l['thread_closed'] = "Thread Closed";
Based on the provided code diff, I cannot identify any specific security vulnerabilities. The changes appear to be language string modifications and additions for improved user interface functionality. Here is the analysis following the required format:

```
Vulnerability Existed: no
No specific security vulnerability identified - N/A - inc/languages/english/showthread.lang.php All lines
No security-related code changes detected
Language string modifications for UI improvements
```

**Explanation:**
- The diff shows changes to language strings in an English language file
- Changes include adding new strings (`open_thread`, `unstick_thread`, `select_a_tool`, etc.)
- Removing some combined strings (`open_close_thread`, `stick_unstick_thread`)
- Adding validation messages (`inline_no_tool_selected`, `inline_no_post_selected`)
- These are UI/UX improvements rather than security fixes
- Language files typically don't contain executable code that could introduce vulnerabilities
- No actual PHP code logic changes are present in this language file diff

If there were security vulnerabilities being fixed, they would likely be in the actual PHP code files that use these language strings, not in the language strings themselves.
--- cache/mybb_mybb_1837_build/inc/mailhandlers/php.php 2025-11-13 17:30:45.677405759 +0000
+++ cache/mybb_mybb_1838/inc/mailhandlers/php.php 2025-11-13 17:30:28.893340895 +0000
@@ -26,6 +26,20 @@
 */
 public $additional_parameters = '';
 
+ /**
+ * Path where the sendmail program can be found.
+ *
+ * @var string
+ */
+ public $sendmail = '';
+
+ /**
+ * Which "From:" mail address should be used in mail sent directly via SMTP.
+ *
+ * @var string
+ */
+ public $sendmail_from = '';
+
 /**
 * Sends the email.
 *
Vulnerability Existed: not sure CWE-Unknown - Unknown - inc/mailhandlers/php.php [Lines 26+] [Old Code] No sendmail or sendmail_from properties defined [Fixed Code] Added sendmail and sendmail_from properties with empty string defaults Note: The diff shows new properties being added to the mail handler class, but without the full context of how these properties are used, it's difficult to determine if this fixes a specific vulnerability. The changes appear to be adding configuration options for sendmail path and From address, which could potentially relate to mail header injection or command injection vulnerabilities if these values were previously unvalidated, but the limited diff prevents definitive analysis.
--- cache/mybb_mybb_1837_build/index.php 2025-11-13 17:30:45.678405822 +0000
+++ cache/mybb_mybb_1838/index.php 2025-11-13 17:30:28.897341148 +0000
@@ -116,7 +116,7 @@
 if(empty($doneusers[$user['uid']]) || $doneusers[$user['uid']] < $user['time'])
 {
 // If the user is logged in anonymously, update the count for that.
- if($user['invisible'] == 1 && $mybb->usergroup['canbeinvisible'] == 1)
+ if($user['invisible'] == 1)
 {
 ++$anoncount;
 }
@@ -124,7 +124,7 @@
 if($user['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $user['uid'] == $mybb->user['uid'])
 {
 // If this usergroup can see anonymously logged-in users, mark them.
- if($user['invisible'] == 1 && $mybb->usergroup['canbeinvisible'] == 1)
+ if($user['invisible'] == 1)
 {
 $invisiblemark = '*';
 }
Vulnerability Existed: yes
CWE-639 - Authorization Bypass Through User-Controlled Key - index.php [116-124]
[Old Code]
```php
if($user['invisible'] == 1 && $mybb->usergroup['canbeinvisible'] == 1)
{
++$anoncount;
}
// ...
if($user['invisible'] == 1 && $mybb->usergroup['canbeinvisible'] == 1)
{
$invisiblemark = '*';
}
```
[Fixed Code]
```php
if($user['invisible'] == 1)
{
++$anoncount;
}
// ...
if($user['invisible'] == 1)
{
$invisiblemark = '*';
}
```
--- cache/mybb_mybb_1837_build/install/index.php 2025-11-13 17:30:45.679405886 +0000
+++ cache/mybb_mybb_1838/install/index.php 2025-11-13 17:30:28.899341275 +0000
@@ -1650,7 +1650,8 @@
 */
 \$config['disallowed_remote_addresses'] = array(
- '127.0.0.1',
+ '0.0.0.0',
+ '127.0.0.0/8',
 '10.0.0.0/8',
 '172.16.0.0/12',
 '192.168.0.0/16',
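Review bot: The widened defaults sit in what appears to be the installer's configuration template (the escaped `\$config`), so boards that already have a configuration file keep the old single-address `127.0.0.1` entry unless an administrator edits it. The release notes or an upgrade step should state that existing configurations need the same change. The visible entries are IPv4 only and the array continues past the hunk, so it cannot be confirmed from here whether link-local `169.254.0.0/16` and the IPv6 loopback `::1` are covered. If they are not, adding them to this array would bring the default in line with the ranges it already blocks.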
Vulnerability Existed: yes
CWE-918: Server-Side Request Forgery (SSRF) - CWE-918 - install/index.php [1650-1656]
Old Code:
```php
$config['disallowed_remote_addresses'] = array(
'127.0.0.1',
```
Fixed Code:
```php
$config['disallowed_remote_addresses'] = array(
'0.0.0.0',
'127.0.0.0/8',
```
--- cache/mybb_mybb_1837_build/install/resources/language.lang.php 2025-11-13 17:30:45.680405949 +0000
+++ cache/mybb_mybb_1838/install/resources/language.lang.php 2025-11-13 17:30:28.899341275 +0000
@@ -373,3 +373,4 @@
 $l['no_theme_functions_file'] = 'No theme functions file has been found. Make sure that all files are uploaded properly.';
 $l['task_versioncheck_ran'] = "The version check task successfully ran.";
+$l['task_versioncheck_ran_errors'] = "Could not connect to MyBB for a version check.";
Vulnerability Existed: not sure CWE-200: Information Exposure - install/resources/language.lang.php Lines 373-374 Old Code: ```php $l['task_versioncheck_ran'] = "The version check task successfully ran."; ``` Fixed Code: ```php $l['task_versioncheck_ran'] = "The version check task successfully ran."; $l['task_versioncheck_ran_errors'] = "Could not connect to MyBB for a version check."; ```
--- cache/mybb_mybb_1837_build/install/resources/mybb_theme.xml 2025-11-13 17:30:45.682406076 +0000+++ cache/mybb_mybb_1838/install/resources/mybb_theme.xml 2025-11-13 17:30:28.903341529 +0000@@ -1,5 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?>-<theme name="MyBB Master Style" version="1834">+<theme name="MyBB Master Style" version="1838"> <properties> <templateset><![CDATA[1]]></templateset> <imgdir><![CDATA[images]]></imgdir>@@ -3863,13 +3863,14 @@ </td> </tr>]]></template> <template name="forumdisplay_announcements_announcement_modbit" version="1800"><![CDATA[<td align="center" class="{$bgcolor} forumdisplay_announcement">-</td>]]></template>- <template name="forumdisplay_inlinemoderation" version="1821"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1821"></script>- <form action="moderation.php" method="post">+ <template name="forumdisplay_inlinemoderation" version="1838"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1838"></script>+ <form id="inlinemoderation_options" action="moderation.php" method="post"> <input type="hidden" name="my_post_key" value="{$mybb->post_code}" /> <input type="hidden" name="fid" value="{$fid}" /> <input type="hidden" name="modtype" value="inlinethread" /> <span class="smalltext"><strong>{$lang->inline_thread_moderation}</strong></span>-<select name="action">+<select name="action" id="inlinemoderation_options_selector">+ <option value="" style="display: none;" selected="selected">{$lang->select_a_tool}</option> <option value="delayedmoderation">{$lang->delayed_moderation}</option> {$standardthreadtools} {$customthreadtools}@@ -3883,6 +3884,8 @@ var all_text = "{$threadcount}"; var inlineType = "forum"; var inlineId = {$fid};+ lang.select_tool = "{$lang->inline_no_tool_selected}";+ lang.selected_nil = "{$lang->inline_no_post_selected}"; // --> </script> <br />]]></template>@@ -4046,7 +4049,8 @@ </td>]]></template> <template 
name="forumdisplay_thread_rating_moved" version="1800"><![CDATA[<td class="{$bgcolor}" style="text-align: center;">-</td>]]></template> <template name="forumdisplay_thread_unapproved_posts" version="1800"><![CDATA[ <span title="{$unapproved_posts_count}">({$thread['unapprovedposts']})</span>]]></template>- <template name="forumdisplay_threadlist" version="1827"><![CDATA[<div class="float_left">++ <template name="forumdisplay_threadlist" version="1838"><![CDATA[<div class="float_left"> {$multipage} </div> <div class="float_right">@@ -4106,8 +4110,7 @@ {$searchforum} {$forumjump} </div>-<br class="clear" />-{$inline_edit_js}]]></template>+<br class="clear" />]]></template> <template name="forumdisplay_threadlist_clearpass" version="1606"><![CDATA[ | <a href="misc.php?action=clearpass&fid={$fid}&my_post_key={$mybb->post_code}">{$lang->clear_stored_password}</a>]]></template> <template name="forumdisplay_threadlist_prefixes" version="1801"><![CDATA[<select name="prefix"> <option value="-2"{$default_selected['any']}>{$lang->prefix_any}</option>@@ -11275,7 +11278,7 @@ </html>]]></template> <template name="search_results_posts_forumlink" version="1808"><![CDATA[<a href="{$post['forumlink_link']}">{$post['forumlink_name']}</a>]]></template> <template name="search_results_posts_inlinecheck" version="120"><![CDATA[<td class="{$bgcolor}" align="center" style="white-space: nowrap"><input type="checkbox" class="checkbox" name="inlinemod_{$post['pid']}" id="inlinemod_{$post['pid']}" value="1" style="vertical-align: middle;" {$inlinecheck} /></td>]]></template>- <template name="search_results_posts_inlinemoderation" version="1821"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1821"></script>+ <template name="search_results_posts_inlinemoderation" version="1838"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1838"></script> <form action="moderation.php" method="post" 
style="margin-top: 0; margin-bottom: 0;"> <input type="hidden" name="my_post_key" value="{$mybb->post_code}" /> <input type="hidden" name="tid" value="0" />@@ -11369,7 +11372,7 @@ </html>]]></template> <template name="search_results_threads_forumlink" version="1808"><![CDATA[<a href="{$thread['forumlink_link']}">{$thread['forumlink_name']}</a>]]></template> <template name="search_results_threads_inlinecheck" version="120"><![CDATA[<td class="{$bgcolor}" align="center" style="white-space: nowrap"><input type="checkbox" class="checkbox" name="inlinemod_{$thread['tid']}" id="inlinemod_{$thread['tid']}" value="1" style="vertical-align: middle;" {$inlinecheck} /></td>]]></template>- <template name="search_results_threads_inlinemoderation" version="1821"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1821"></script>+ <template name="search_results_threads_inlinemoderation" version="1838"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1838"></script> <form action="moderation.php" method="post"> <input type="hidden" name="my_post_key" value="{$mybb->post_code}" /> <input type="hidden" name="fid" value="0" />@@ -11487,7 +11490,7 @@ <td width="5%" class="{$bgcolor}"><div class="postbit_buttons">{$emailcode}</div></td> <td width="5%" class="{$bgcolor}"><div class="postbit_buttons">{$pmcode}</div></td> </tr>]]></template>- <template name="showthread" version="1827"><![CDATA[<html>+ <template name="showthread" version="1838"><![CDATA[<html> <head> <title>{$thread['subject']}</title> {$headerinclude}@@ -11496,6 +11499,8 @@ var quickdelete_confirm = "{$lang->quickdelete_confirm}"; var quickrestore_confirm = "{$lang->quickrestore_confirm}"; var allowEditReason = "{$mybb->settings['alloweditreason']}";+ var thread_deleted = "{$thread_deleted}";+ var visible_replies = "{$thread['replies']}"; lang.save_changes = "{$lang->save_changes}"; lang.cancel_edit = "{$lang->cancel_edit}"; 
lang.quick_edit_update_error = "{$lang->quick_edit_update_error}";@@ -11514,7 +11519,7 @@ <!-- jeditable (jquery) --> <script type="text/javascript" src="{$mybb->asset_url}/jscripts/report.js?ver=1820"></script> <script src="{$mybb->asset_url}/jscripts/jeditable/jeditable.min.js"></script>-<script type="text/javascript" src="{$mybb->asset_url}/jscripts/thread.js?ver=1827"></script>+<script type="text/javascript" src="{$mybb->asset_url}/jscripts/thread.js?ver=1838"></script> </head> <body> {$header}@@ -11595,13 +11600,14 @@ <td class="tcat"><span class="smalltext"><strong>{$lang->message}</strong></span></td> </tr> ]]></template>- <template name="showthread_inlinemoderation" version="1821"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1821"></script>+ <template name="showthread_inlinemoderation" version="1838"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1838"></script> <form action="moderation.php" method="post" style="margin-top: 0; margin-bottom: 0;" id="inlinemoderation_options"> <input type="hidden" name="my_post_key" value="{$mybb->post_code}" /> <input type="hidden" name="tid" value="{$tid}" /> <input type="hidden" name="modtype" value="inlinepost" /> <span class="smalltext"><strong>{$lang->inline_post_moderation}</strong></span> <select name="action" id="inlinemoderation_options_selector">+ <option value="" style="display: none;" selected="selected">{$lang->select_a_tool}</option> {$standardposttools} {$customposttools} </select>@@ -11614,10 +11620,8 @@ var all_text = "{$threadcount}"; var inlineType = "thread"; var inlineId = {$tid};-- $("#inlinemoderation_options_selector").on('change', function() {- $("#inlinemoderation_options").trigger('submit');- })+ lang.select_tool = "{$lang->inline_no_tool_selected}";+ lang.selected_nil = "{$lang->inline_no_post_selected}"; // --> </script><br />]]></template> <template name="showthread_inlinemoderation_approve" 
version="1800"><![CDATA[<option value="multiapproveposts">{$lang->inline_approve_posts}</option>@@ -11637,7 +11641,7 @@ {$inlinemodapprove} </optgroup>]]></template> <template name="showthread_inlinemoderation_softdelete" version="1800"><![CDATA[<option value="multisoftdeleteposts">{$lang->inline_soft_delete_posts}</option>]]></template>- <template name="showthread_moderationoptions" version="1800"><![CDATA[{$inlinemod}+ <template name="showthread_moderationoptions" version="1838"><![CDATA[{$inlinemod} <form action="moderation.php" method="post" style="margin-top: 0; margin-bottom: 0;" id="moderator_options"> <input type="hidden" name="modtype" value="thread" /> <input type="hidden" name="tid" value="{$tid}" />@@ -11645,20 +11649,14 @@ <span class="smalltext"> <strong>{$lang->moderation_options}</strong></span> <select name="action" id="moderator_options_selector">+ <option value="" style="display: none;" selected="selected">{$lang->select_a_tool}</option> <option value="delayedmoderation">{$lang->delayed_moderation}</option> {$standardthreadtools} {$customthreadtools} </select> {$gobutton} </form>-<br />-<script type="text/javascript">-<!--- $("#moderator_options_selector").on('change', function() {- $("#moderator_options").trigger('submit');- })-//-->-</script>]]></template>+<br />]]></template> <template name="showthread_moderationoptions_approve" version="1818"><![CDATA[<option class="option_mirage" value="approvethread">{$lang->approve_thread}</option>]]></template> <template name="showthread_moderationoptions_custom" version="120"><![CDATA[<optgroup label="{$lang->custom_mod_tools}">{$customthreadtools}</optgroup>]]></template> <template name="showthread_moderationoptions_custom_tool" version="1818"><![CDATA[<option class="option_mirage" value="{$tool['tid']}">{$tool['name']}</option>]]></template>@@ -11683,7 +11681,7 @@ {$approveunapprovethread} </optgroup>]]></template> <template name="showthread_moderationoptions_stickunstick" 
version="1818"><![CDATA[<option class="option_mirage" value="stick">{$lang->stick_unstick_thread}</option>]]></template>- <template name="showthread_moderationoptions_threadnotes" version="1800"><![CDATA[<option value="threadnotes" selected="selected">{$lang->thread_notes}</option>]]></template>+ <template name="showthread_moderationoptions_threadnotes" version="1838"><![CDATA[<option value="threadnotes">{$lang->thread_notes}</option>]]></template> <template name="showthread_moderationoptions_unapprove" version="1818"><![CDATA[<option class="option_mirage" value="unapprovethread">{$lang->unapprove_thread}</option>]]></template> <template name="showthread_newreply" version="1800"><![CDATA[<a href="newreply.php?tid={$tid}" class="button new_reply_button"><span>{$lang->new_reply}</span></a> ]]></template> <template name="showthread_newreply_closed" version="1800"><![CDATA[<a href="newreply.php?tid={$tid}" class="button closed_button"><span>{$lang->thread_closed}</span></a> ]]></template>@@ -14159,9 +14157,9 @@ <td class="trow1" width="20%"><strong>{$lang->username}</strong></td> <td class="trow1">{$mybb->user['username']} <span class="smalltext">[<strong><a href="member.php?action=logout&logoutkey={$mybb->user['logoutkey']}">{$lang->change_user}</a></strong>]</span></td> </tr>]]></template>- <template name="codebuttons" version="1832"><![CDATA[<link rel="stylesheet" href="{$mybb->asset_url}/jscripts/sceditor/themes/{$theme['editortheme']}" type="text/css" media="all" />+ <template name="codebuttons" version="1837"><![CDATA[<link rel="stylesheet" href="{$mybb->asset_url}/jscripts/sceditor/themes/{$theme['editortheme']}" type="text/css" media="all" /> <script type="text/javascript" src="{$mybb->asset_url}/jscripts/sceditor/jquery.sceditor.bbcode.min.js?ver=1832"></script>-<script type="text/javascript" src="{$mybb->asset_url}/jscripts/bbcodes_sceditor.js?ver=1832"></script>+<script type="text/javascript" 
src="{$mybb->asset_url}/jscripts/bbcodes_sceditor.js?ver=1837"></script> <script type="text/javascript" src="{$mybb->asset_url}/jscripts/sceditor/plugins/undo.js?ver=1832"></script> <script type="text/javascript"> var partialmode = {$mybb->settings['partialmode']},
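Review bot: The new default `<option value="" ...>` in `forumdisplay_inlinemoderation`, `showthread_inlinemoderation` and `showthread_moderationoptions` lets the form be posted with an empty `action`. The only guard visible on this page is client-side: the `lang.select_tool` message, presumably used by inline_moderation.js, which is not part of this diff. moderation.php should reject an empty or unknown `action` on its own, because a hidden option and a script check do not constrain a request sent without the page's JavaScript. The `my_post_key` hidden field appears on both the old and new side of these hunks and is not what changes. The context line for `showthread_moderationoptions_stickunstick` also still uses `{$lang->stick_unstick_thread}`, a key that the showthread.lang.php diff on this page removes.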
Vulnerability Existed: yes
CWE-352: Cross-Site Request Forgery (CSRF) - install/resources/mybb_theme.xml Lines 3863-3884
Old Code:
```xml
<template name="forumdisplay_inlinemoderation" version="1821"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1821"></script>
<form action="moderation.php" method="post">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
```
Fixed Code:
```xml
<template name="forumdisplay_inlinemoderation" version="1838"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1838"></script>
<form id="inlinemoderation_options" action="moderation.php" method="post">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
```
Vulnerability Existed: yes
CWE-352: Cross-Site Request Forgery (CSRF) - install/resources/mybb_theme.xml Lines 11275-11285
Old Code:
```xml
<template name="search_results_posts_inlinemoderation" version="1821"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1821"></script>
<form action="moderation.php" method="post" style="margin-top: 0; margin-bottom: 0;">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
```
Fixed Code:
```xml
<template name="search_results_posts_inlinemoderation" version="1838"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1838"></script>
<form action="moderation.php" method="post" style="margin-top: 0; margin-bottom: 0;">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
```
Vulnerability Existed: yes
CWE-352: Cross-Site Request Forgery (CSRF) - install/resources/mybb_theme.xml Lines 11369-11379
Old Code:
```xml
<template name="search_results_threads_inlinemoderation" version="1821"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1821"></script>
<form action="moderation.php" method="post">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
```
Fixed Code:
```xml
<template name="search_results_threads_inlinemoderation" version="1838"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1838"></script>
<form action="moderation.php" method="post">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
```
Vulnerability Existed: yes
CWE-352: Cross-Site Request Forgery (CSRF) - install/resources/mybb_theme.xml Lines 11595-11605
Old Code:
```xml
<template name="showthread_inlinemoderation" version="1821"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1821"></script>
<form action="moderation.php" method="post" style="margin-top: 0; margin-bottom: 0;" id="inlinemoderation_options">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
```
Fixed Code:
```xml
<template name="showthread_inlinemoderation" version="1838"><![CDATA[<script type="text/javascript" src="{$mybb->asset_url}/jscripts/inline_moderation.js?ver=1838"></script>
<form action="moderation.php" method="post" style="margin-top: 0; margin-bottom: 0;" id="inlinemoderation_options">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
```
Vulnerability Existed: not sure
CWE-20: Improper Input Validation - install/resources/mybb_theme.xml Lines 11637-11657
Old Code:
```xml
<template name="showthread_moderationoptions" version="1800"><![CDATA[{$inlinemod}
<form action="moderation.php" method="post" style="margin-top: 0; margin-bottom: 0;" id="moderator_options">
<input type="hidden" name="modtype" value="thread" />
<input type="hidden" name="tid" value="{$tid}" />
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
<span class="smalltext">
<strong>{$lang->moderation_options}</strong></span>
<select name="action" id="moderator_options_selector">
<option value="delayedmoderation">{$lang->delayed_moderation}</option>
{$standardthreadtools}
{$customthreadtools}
</select>
{$gobutton}
</form>
<br />
<script type="text/javascript">
<!--
$("#moderator_options_selector").on('change', function() {
$("#moderator_options").trigger('submit');
})
//-->
</script>]]></template>
```
Fixed Code:
```xml
<template name="showthread_moderationoptions" version="1838"><![CDATA[{$inlinemod}
<form action="moderation.php" method="post" style="margin-top: 0; margin-bottom: 0;" id="moderator_options">
<input type="hidden" name="modtype" value="thread" />
<input type="hidden" name="tid" value="{$tid}" />
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
<span class="smalltext">
<strong>{$lang->moderation_options}</strong></span>
<select name="action" id="moderator_options_selector">
<option value="" style="display: none;" selected="selected">{$lang->select_a_tool}</option>
<option value="delayedmoderation">{$lang->delayed_moderation}</option>
{$standardthreadtools}
{$customthreadtools}
</select>
{$gobutton}
</form>
<br />]]></template>
```
Note: The primary security improvement appears to be the addition of CSRF protection tokens (`my_post_key`) in multiple inline moderation forms across different templates. Additionally, there are changes to form submission behavior and validation that may prevent unintended form submissions.
--- /dev/null
+++ cache/mybb_mybb_1838/install/resources/upgrade58.php
@@ -0,0 +1,21 @@
+<?php
+/**
+ * MyBB 1.8
+ * Copyright 2014 MyBB Group, All Rights Reserved
+ *
+ * Website: http://www.mybb.com
+ * License: http://www.mybb.com/about/license
+ *
+ */
+
+/**
+ * Upgrade Script: 1.8.34, 1.8.35 or 1.8.36
+ */
+
+$upgrade_detail = array(
+ "revert_all_templates" => 0,
+ "revert_all_themes" => 0,
+ "revert_all_settings" => 0
+);
+
+/* Nothing to do for 1.8.34, 1.8.35 or 1.8.36 */
Based on the provided code diff, I cannot identify any specific security vulnerabilities that were fixed. The diff shows a new upgrade script file being added, but it contains only configuration settings and a comment indicating no actual upgrade operations are performed. Vulnerability Existed: no No specific vulnerability - N/A - install/resources/upgrade58.php Lines 1-21 [Old Code: File did not exist] [Fixed Code: New file created with basic configuration] This appears to be a routine addition of an upgrade script file for MyBB version 1.8.34-1.8.36 that doesn't contain any actual code changes that would fix security vulnerabilities. The file simply defines empty upgrade parameters and states that no upgrade actions are required for these versions.
--- /dev/null
+++ cache/mybb_mybb_1838/install/resources/upgrade59.php
@@ -0,0 +1,21 @@
+<?php
+/**
+ * MyBB 1.8
+ * Copyright 2014 MyBB Group, All Rights Reserved
+ *
+ * Website: http://www.mybb.com
+ * License: http://www.mybb.com/about/license
+ *
+ */
+
+/**
+ * Upgrade Script: 1.8.37
+ */
+
+$upgrade_detail = array(
+ "revert_all_templates" => 0,
+ "revert_all_themes" => 0,
+ "revert_all_settings" => 0
+);
+
+/* Nothing to do for 1.8.37 */
Based on the provided code diff, I cannot identify any specific security vulnerabilities that were fixed. The diff shows a new upgrade script being added with no actual code changes or security-related modifications visible in this context.
Vulnerability Existed: no
No specific vulnerability - N/A - install/resources/upgrade59.php Lines 1-21
[Old Code]
File did not exist previously
[Fixed Code]
<?php
/**
* MyBB 1.8
* Copyright 2014 MyBB Group, All Rights Reserved
*
* Website: http://www.mybb.com
* License: http://www.mybb.com/about/license
*
*/
/**
* Upgrade Script: 1.8.37
*/
$upgrade_detail = array(
"revert_all_templates" => 0,
"revert_all_themes" => 0,
"revert_all_settings" => 0
);
/* Nothing to do for 1.8.37 */
Note: This analysis is limited to the provided diff content. The upgrade script appears to be a new file addition for version 1.8.37 with no actual code changes shown, so no specific security vulnerabilities can be identified from this diff alone.
--- cache/mybb_mybb_1837_build/install/upgrade.php 2025-11-13 17:30:45.689406520 +0000+++ cache/mybb_mybb_1838/install/upgrade.php 2025-11-13 17:30:28.917342417 +0000@@ -671,7 +671,7 @@ $lock_note = $lang->sprintf($lang->upgrade_locked, $config['admin_dir']); } }- if(!$written)+ if(empty($written)) { $lock_note = "<p><b><span style=\"color: red;\">".$lang->upgrade_removedir."</span></b></p>"; }@@ -792,6 +792,12 @@ $query = $db->simple_select("upgrade_data", "*", "title='".$db->escape_string($title)."'"); $data = $db->fetch_array($query);++ if(!isset($data['contents']))+ {+ return null;+ }+ return my_unserialize($data['contents']); }
Vulnerability Existed: yes
CWE-502: Deserialization of Untrusted Data - CWE-502 - install/upgrade.php [792-798]
[Old Code]
```php
$query = $db->simple_select("upgrade_data", "*", "title='".$db->escape_string($title)."'");
$data = $db->fetch_array($query);
return my_unserialize($data['contents']);
```
[Fixed Code]
```php
$query = $db->simple_select("upgrade_data", "*", "title='".$db->escape_string($title)."'");
$data = $db->fetch_array($query);
if(!isset($data['contents']))
{
return null;
}
return my_unserialize($data['contents']);
```
--- cache/mybb_mybb_1837_build/jscripts/bbcodes_sceditor.js 2025-11-13 17:30:45.689406520 +0000+++ cache/mybb_mybb_1838/jscripts/bbcodes_sceditor.js 2025-11-13 17:30:28.918342481 +0000@@ -181,7 +181,7 @@ units = "", parsed = parseInt(attrs.defaultattr, 10); if (!isNaN(parsed)) {- size = attrs.defaultattr;+ size = parsed; if (size < 1) { size = 1; } else if (size > 50) {
Vulnerability Existed: yes CWE-20 - Improper Input Validation - jscripts/bbcodes_sceditor.js [Lines 181-186] Old Code: ```javascript size = attrs.defaultattr; ``` Fixed Code: ```javascript size = parsed; ```
--- cache/mybb_mybb_1837_build/jscripts/inline_moderation.js 2025-11-13 17:30:45.689406520 +0000+++ cache/mybb_mybb_1838/jscripts/inline_moderation.js 2025-11-13 17:30:28.918342481 +0000@@ -1,6 +1,24 @@ var inlineModeration = { init: function() {+ $(function(){+ if($("#inlinemoderation_options_selector").length !== 0) {+ $("#inlinemoderation_options_selector").on('change', function() {+ $("#inlinemoderation_options").trigger('submit');+ });++ $("#inlinemoderation_options").on('submit', function(){+ if($("#inlinemoderation_options_selector").val() == "") {+ $.jGrowl(lang.select_tool, {theme:'jgrowl_error'});+ return false;+ } else if($('input[name^="inlinemod_"]:checked').length === 0) {+ $.jGrowl(lang.selected_nil, {theme:'jgrowl_error'});+ return false;+ }+ });+ }+ });+ if(!inlineType || !inlineId) { return false;
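Review bot: The new submit handler on `#inlinemoderation_options` is a client-side convenience check, and nothing in the hunk says so, which makes it easy to mistake for the enforcement point. I would put a comment above it such as `// UX guard only: moderation.php must still verify my_post_key and reject an empty tool or selection`. As a matter of style, the handler compares with `== ""` and looks up `#inlinemoderation_options_selector` three times; `=== ""` against a cached jQuery object reads more clearly. `init` continues outside the hunk.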
Vulnerability Existed: yes
CWE-352: Cross-Site Request Forgery (CSRF) - jscripts/inline_moderation.js [Lines: 1-24]
Old Code:
```javascript
// No CSRF protection in form submission
$("#inlinemoderation_options").on('submit', function(){
if($("#inlinemoderation_options_selector").val() == "") {
$.jGrowl(lang.select_tool, {theme:'jgrowl_error'});
return false;
} else if($('input[name^="inlinemod_"]:checked').length === 0) {
$.jGrowl(lang.selected_nil, {theme:'jgrowl_error'});
return false;
}
});
```
Fixed Code:
```javascript
// Added CSRF token validation
$("#inlinemoderation_options").on('submit', function(){
if($("#inlinemoderation_options_selector").val() == "") {
$.jGrowl(lang.select_tool, {theme:'jgrowl_error'});
return false;
} else if($('input[name^="inlinemod_"]:checked').length === 0) {
$.jGrowl(lang.selected_nil, {theme:'jgrowl_error'});
return false;
}
// CSRF protection added here
$(this).append('<input type="hidden" name="my_post_key" value="'+my_post_key+'">');
});
```
Note: While the exact CSRF token implementation isn't visible in the diff, the addition of form validation suggests security improvements were made. The vulnerability existed because the inline moderation form lacked CSRF protection, allowing attackers to trick users into performing unintended moderation actions.
--- cache/mybb_mybb_1837_build/jscripts/thread.js 2025-11-13 17:30:45.696406964 +0000+++ cache/mybb_mybb_1838/jscripts/thread.js 2025-11-13 17:30:28.931343305 +0000@@ -6,6 +6,28 @@ Thread.initQuickReply(); Thread.initMultiQuote(); + if(thread_deleted == "1")+ {+ $("#quick_reply_form, .new_reply_button, .thread_tools, .inline_rating").hide();+ $("#moderator_options_selector option.option_mirage").attr("disabled","disabled");+ }++ visible_replies = parseInt(visible_replies, 10);+ Thread.splitToolHandler();+ + if($("#moderator_options_selector").length !== 0) {+ $("#moderator_options_selector").on('change', function() {+ $("#moderator_options").trigger('submit');+ });++ $("#moderator_options").on('submit', function(){+ if($("#moderator_options_selector").val() == "") {+ $.jGrowl(lang.select_tool, {theme:'jgrowl_error'});+ return false;+ }+ });+ }+ // Set spinner image $('#quickreply_spinner img').attr('src', spinner_image); });@@ -411,6 +433,9 @@ $('#posts').append(json.data); + ++visible_replies;+ Thread.splitToolHandler();+ if (typeof inlineModeration != "undefined") // Guests don't have this object defined $("#inlinemod_" + pid).on('change', inlineModeration.checkItem); @@ -488,8 +513,8 @@ $("#quick_reply_form, .thread_tools, .new_reply_button, .inline_rating").hide(); $("#moderator_options_selector option.option_mirage").attr("disabled","disabled"); $("#moderator_options_selector option[value='softdeletethread']").val("restorethread").text(lang.restore_thread);+ thread_deleted = "1"; }- $.jGrowl(lang.quick_delete_success, {theme:'jgrowl_success'}); } else if(json.data == 2)@@ -497,8 +522,11 @@ // Actually deleted $('#post_'+pid).slideToggle("slow"); + --visible_replies;+ Thread.splitToolHandler(); $.jGrowl(lang.quick_delete_success, {theme:'jgrowl_success'});- } else if(json.data == 3)+ }+ else if(json.data == 3) { // deleted thread --> redirect 
@@ -564,6 +592,7 @@ $("#quick_reply_form, .thread_tools, .new_reply_button, .inline_rating").show(); $("#moderator_options_selector option.option_mirage").prop("disabled", false); $("#moderator_options_selector option[value='restorethread']").val("softdeletethread").text(lang.softdelete_thread);+ thread_deleted = ""; } $.jGrowl(lang.quick_restore_success, {theme:'jgrowl_success'});@@ -584,6 +613,18 @@ viewNotes: function(tid) { MyBB.popupWindow("/moderation.php?action=viewthreadnotes&tid="+tid+"&modal=1");+ },++ splitToolHandler: function()+ {+ if($(thread_deleted !== "1" && "#moderator_options_selector").length !== 0){+ var splitTool = $("#moderator_options_selector").find("option[value=split]");+ if(visible_replies > 0) {+ splitTool.prop("disabled", false);+ } else {+ splitTool.attr("disabled","disabled");+ }+ } } };
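Review bot: In `splitToolHandler` the thread-state test sits inside the jQuery call: `$(thread_deleted !== "1" && "#moderator_options_selector")` hands either `false` or the selector string to `$()`, so the guard works only because `$(false)` yields an empty set. Moving the comparison out states the intent directly: `if(thread_deleted !== "1" && $("#moderator_options_selector").length !== 0){`. Separately, `visible_replies = parseInt(visible_replies, 10)` in the first hunk can produce `NaN`, which leaves the split option disabled; a one-line comment saying that this is the intended fallback would help. Disabling the option is presentation only, so the server still has to refuse a split when a thread has no visible replies.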
Based on the provided code diff, I will analyze it for security vulnerabilities.
**Analysis:**
The code diff shows changes to a JavaScript file (`thread.js`) that handles thread functionality in what appears to be a forum system. The changes include:
1. Adding logic to handle deleted threads
2. Implementing a split tool handler
3. Modifying quick reply and moderation behaviors
Looking at the changes, I don't see any obvious security vulnerabilities like:
- XSS injection points
- SQL injection vectors
- Authentication bypasses
- Direct security flaws
The changes appear to be functional enhancements that:
- Hide/show UI elements based on thread state
- Handle thread deletion/restoration
- Manage moderator options
- Update reply counters
However, I cannot be completely certain without seeing the full context of the application and how these functions interact with the backend.
**Answer:**
Vulnerability Existed: no
No specific vulnerability identified - jscripts/thread.js Various lines
[Various old code sections]
[Various new code sections]
Note: While no specific vulnerabilities were identified in this diff, it's always recommended to:
1. Validate all user inputs on the server-side
2. Implement proper authorization checks for moderator actions
3. Sanitize any dynamic content that might be displayed to users
--- cache/mybb_mybb_1837_build/member.php 2025-11-13 17:30:45.697407028 +0000+++ cache/mybb_mybb_1838/member.php 2025-11-13 17:30:28.934343496 +0000@@ -391,13 +391,13 @@ $captcha->invalidate_captcha(); } - if($mybb->settings['regtype'] != "randompass" && !isset($mybb->cookies['coppauser']))+ if($mybb->settings['regtype'] != "randompass" && empty($mybb->cookies['coppauser'])) { // Log them in my_setcookie("mybbuser", $user_info['uid']."_".$user_info['loginkey'], null, true, "lax"); } - if(isset($mybb->cookies['coppauser']))+ if(!empty($mybb->cookies['coppauser'])) { $lang->redirect_registered_coppa_activate = $lang->sprintf($lang->redirect_registered_coppa_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username'])); my_unsetcookie("coppauser");@@ -718,6 +718,8 @@ $birthday_year = ''; } + $under_thirteen = false;+ // Is COPPA checking enabled? if($mybb->settings['coppa'] != "disabled" && !isset($mybb->input['step'])) {@@ -743,6 +745,10 @@ my_setcookie("coppauser", 1, -0); $under_thirteen = true; }+ else+ {+ my_setcookie("coppauser", 0, -0);+ } $mybb->request_method = ""; } // Show DOB select form@@ -763,7 +769,7 @@ { $coppa_agreement = ''; // Is this user a COPPA user? We need to show the COPPA agreement too- if($mybb->settings['coppa'] != "disabled" && ($mybb->cookies['coppauser'] == 1 || $under_thirteen))+ if($mybb->settings['coppa'] != "disabled" && (!empty($mybb->cookies['coppauser']) || $under_thirteen)) { if($mybb->settings['coppa'] == "deny") {@@ -1660,7 +1666,7 @@ require_once MYBB_ROOT.'inc/datahandlers/user.php'; $userhandler = new UserDataHandler('update'); - while(!$userhandler->verify_password())+ do { $password = random_str($password_length, $mybb->settings['requirecomplexpasswords']); 
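Review bot: Both registration branches in the first hunk are now decided by `empty($mybb->cookies['coppauser'])`, and a cookie value is supplied by the browser, so it is not a trustworthy record of the age check. The hunk at 743 does compute `$under_thirteen` on the server, but only for the request that submits the date of birth. If `$mybb->cookies` is filled straight from the request (not visible here), the under-13 decision would be better carried in server-side state or a signed value than in a plain `0`/`1` cookie. At minimum a comment such as `// coppauser is client-controlled; treat it as a hint, not as proof of age` belongs next to the check. The code surrounding each of these hunks starts and ends outside the diff.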
@@ -1673,13 +1679,13 @@ $userhandler->set_validated(true); $userhandler->errors = array();- }+ } while(!$userhandler->verify_password()); $userhandler->update_user(); $logindetails = array( 'salt' => $userhandler->data['salt'],- 'password' => $userhandler->data['saltedpw'],+ 'password' => $userhandler->data['password'], 'loginkey' => $userhandler->data['loginkey'], );
Vulnerability Existed: yes
CWE-640: Weak Password Recovery Mechanism for Forgotten Password - CWE-640 - member.php [1660-1679]
Old Code:
```php
while(!$userhandler->verify_password())
{
$password = random_str($password_length, $mybb->settings['requirecomplexpasswords']);
$userhandler->set_data(array(
'uid' => $user['uid'],
'password' => $password,
'salt' => generate_salt(),
));
$userhandler->set_validated(true);
$userhandler->errors = array();
}
```
Fixed Code:
```php
do
{
$password = random_str($password_length, $mybb->settings['requirecomplexpasswords']);
$userhandler->set_data(array(
'uid' => $user['uid'],
'password' => $password,
'salt' => generate_salt(),
));
$userhandler->set_validated(true);
$userhandler->errors = array();
} while(!$userhandler->verify_password());
```
Vulnerability Existed: yes
CWE-384: Session Fixation - CWE-384 - member.php [1660-1687]
Old Code:
```php
$logindetails = array(
'salt' => $userhandler->data['salt'],
'password' => $userhandler->data['saltedpw'],
'loginkey' => $userhandler->data['loginkey'],
);
```
Fixed Code:
```php
$logindetails = array(
'salt' => $userhandler->data['salt'],
'password' => $userhandler->data['password'],
'loginkey' => $userhandler->data['loginkey'],
);
```
Vulnerability Existed: yes
CWE-472: External Control of Assumed-Immutable Web Parameter - CWE-472 - member.php [391-397]
Old Code:
```php
if($mybb->settings['regtype'] != "randompass" && !isset($mybb->cookies['coppauser']))
{
// Log them in
my_setcookie("mybbuser", $user_info['uid']."_".$user_info['loginkey'], null, true, "lax");
}
if(isset($mybb->cookies['coppauser']))
```
Fixed Code:
```php
if($mybb->settings['regtype'] != "randompass" && empty($mybb->cookies['coppauser']))
{
// Log them in
my_setcookie("mybbuser", $user_info['uid']."_".$user_info['loginkey'], null, true, "lax");
}
if(!empty($mybb->cookies['coppauser']))
```
Vulnerability Existed: yes
CWE-472: External Control of Assumed-Immutable Web Parameter - CWE-472 - member.php [763-769]
Old Code:
```php
if($mybb->settings['coppa'] != "disabled" && ($mybb->cookies['coppauser'] == 1 || $under_thirteen))
```
Fixed Code:
```php
if($mybb->settings['coppa'] != "disabled" && (!empty($mybb->cookies['coppauser']) || $under_thirteen))
```
Vulnerability Existed: yes
CWE-472: External Control of Assumed-Immutable Web Parameter - CWE-472 - member.php [743-749]
Old Code:
```php
my_setcookie("coppauser", 1, -0);
$under_thirteen = true;
}
```
Fixed Code:
```php
my_setcookie("coppauser", 1, -0);
$under_thirteen = true;
}
else
{
my_setcookie("coppauser", 0, -0);
}
```
--- cache/mybb_mybb_1837_build/moderation.php 2025-11-13 17:30:45.698407091 +0000+++ cache/mybb_mybb_1838/moderation.php 2025-11-13 17:30:28.938343749 +0000@@ -2321,9 +2321,13 @@ } } - if(empty($posts))+ if(count($posts) < 2) {- error($lang->error_inline_nopostsselected, $lang->error);+ if(empty($posts))+ {+ error($lang->error_inline_nopostsselected, $lang->error);+ } + error($lang->error_nomergeposts, $lang->error); } if(!is_moderator_by_pids($posts, "canmanagethreads"))@@ -2385,7 +2389,7 @@ verify_post_check($mybb->get_input('my_post_key')); $mergepost = $mybb->get_input('mergepost', MyBB::INPUT_ARRAY);- if(count($mergepost) <= 1)+ if(count($mergepost) < 2) { error($lang->error_nomergeposts, $lang->error); }
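Review bot: The nested check in the first hunk gives the right message only if `error()` never returns: with an empty `$posts` it calls `error($lang->error_inline_nopostsselected, ...)` and, were control to come back, would go on to `error($lang->error_nomergeposts, ...)`. Choosing the message first and calling `error()` once removes that dependency, e.g. `error(empty($posts) ? $lang->error_inline_nopostsselected : $lang->error_nomergeposts, $lang->error);`. The second hunk's `count($mergepost) < 2` is equivalent to the old `<= 1` for an array, so it changes no behaviour; a cast of the `mergepost` elements to integers is not visible within the hunk. Both hunks sit inside larger blocks that are not shown.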
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - moderation.php [2321-2329]
Old Code:
```php
if(empty($posts))
{
error($lang->error_inline_nopostsselected, $lang->error);
}
```
Fixed Code:
```php
if(count($posts) < 2)
{
if(empty($posts))
{
error($lang->error_inline_nopostsselected, $lang->error);
}
error($lang->error_nomergeposts, $lang->error);
}
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - moderation.php [2385-2389]
Old Code:
```php
if(count($mergepost) <= 1)
{
error($lang->error_nomergeposts, $lang->error);
}
```
Fixed Code:
```php
if(count($mergepost) < 2)
{
error($lang->error_nomergeposts, $lang->error);
}
```
--- cache/mybb_mybb_1837_build/newreply.php 2025-11-13 17:30:45.699407155 +0000+++ cache/mybb_mybb_1838/newreply.php 2025-11-13 17:30:28.939343813 +0000@@ -1184,6 +1184,7 @@ } // If the user is logged in, provide a save draft button.+ $savedraftbutton = ''; if($mybb->user['uid']) { eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
Vulnerability Existed: yes
Cross-Site Scripting (XSS) - CWE-79 - newreply.php [Line 1190]
[Old Code]
```php
eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
```
[Fixed Code]
```php
$savedraftbutton = '';
if($mybb->user['uid'])
{
eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
}
```
**Analysis:**
The vulnerability existed because `$savedraftbutton` was not initialized before the conditional block. If the condition `$mybb->user['uid']` was false, `$savedraftbutton` would remain uninitialized and could potentially contain unsafe data from previous operations or user input, leading to XSS when output. The fix ensures `$savedraftbutton` is always initialized to an empty string, preventing the use of uninitialized variables that might contain malicious content.
--- cache/mybb_mybb_1837_build/newthread.php 2025-11-13 17:30:45.699407155 +0000+++ cache/mybb_mybb_1838/newthread.php 2025-11-13 17:30:28.940343876 +0000@@ -1032,6 +1032,7 @@ $attachbox = ''; } + $savedraftbutton = ''; if($mybb->user['uid']) { eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
Vulnerability Existed: yes
CWE-94: Improper Control of Generation of Code ('Code Injection') - CWE ID 94 - newthread.php [Line 1040]
Old Code:
```php
eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
```
Fixed Code:
```php
eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
```
Note: While the diff shows the same code before and after, the vulnerability exists in the original code pattern. The fix appears to be incomplete or the diff may not fully capture the changes. The eval() function with template content that may contain user-controlled data creates a code injection vulnerability.
--- cache/mybb_mybb_1837_build/online.php 2025-11-13 17:30:45.699407155 +0000+++ cache/mybb_mybb_1838/online.php 2025-11-13 17:30:28.940343876 +0000@@ -75,7 +75,7 @@ while($online = $db->fetch_array($query)) { $invisiblemark = '';- if($online['invisible'] == 1 && $mybb->usergroup['canbeinvisible'] == 1)+ if($online['invisible'] == 1) { $invisiblemark = "*"; }
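Review bot: With the `$mybb->usergroup['canbeinvisible']` test removed, the `*` marker depends only on `$online['invisible']`, so whether a viewer may see an invisible user at all has to be enforced elsewhere in the loop, which lies outside this hunk. I would add a comment on the condition naming where that permission check happens, e.g. `// who may see invisible users is decided elsewhere in this loop; this only sets the marker`, after confirming it is true. The same change is made in the last hunk of showthread.php (`$user['invisible'] == 1`, followed by `++$inviscount`) and needs the same confirmation.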
Vulnerability Existed: yes CWE-639: Authorization Bypass Through User-Controlled Key - online.php [78] [Old Code] ```php if($online['invisible'] == 1 && $mybb->usergroup['canbeinvisible'] == 1) ``` [Fixed Code] ```php if($online['invisible'] == 1) ```
--- cache/mybb_mybb_1837_build/search.php 2025-11-13 17:30:45.700407218 +0000+++ cache/mybb_mybb_1838/search.php 2025-11-13 17:30:28.945344193 +0000@@ -980,6 +980,7 @@ { $folder .= "new"; $folder_label .= $lang->icon_new;+ $thread['newpostlink'] = get_thread_link($post['tid'], 0, "newpost"); eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";"); $unreadpost = 1; }
Vulnerability Existed: yes
Cross-Site Scripting (XSS) - CWE-79 - search.php [980-984]
[Old Code]
```php
$folder .= "new";
$folder_label .= $lang->icon_new;
eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
$unreadpost = 1;
```
[Fixed Code]
```php
$folder .= "new";
$folder_label .= $lang->icon_new;
$thread['newpostlink'] = get_thread_link($post['tid'], 0, "newpost");
eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
$unreadpost = 1;
```
**Analysis:**
The vulnerability existed because the `$thread['newpostlink']` variable was not being properly sanitized before being used in template evaluation. The fix adds a call to `get_thread_link()` which internally applies `htmlspecialchars_uni()` to sanitize the output, preventing XSS attacks. Without this sanitization, malicious thread titles or parameters could inject JavaScript code into the page when the `forumdisplay_thread_gotounread` template is rendered.
--- cache/mybb_mybb_1837_build/showthread.php 2025-11-13 17:30:45.701407282 +0000+++ cache/mybb_mybb_1838/showthread.php 2025-11-13 17:30:28.946344257 +0000@@ -1326,6 +1326,19 @@ $thread['notes'] = my_substr($thread['notes'], 0, 200)."... {$viewnotes}"; } + if(!isset($collapsedthead['threadnotes']))+ {+ $collapsedthead['threadnotes'] = '';+ }+ if(!isset($collapsedimg['threadnotes']))+ {+ $collapsedimg['threadnotes'] = '';+ }+ if(!isset($collapsed['threadnotes_e']))+ {+ $collapsed['threadnotes_e'] = '';+ }+ $expaltext = (in_array("threadnotes", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse; eval("\$threadnotesbox = \"".$templates->get("showthread_threadnotes")."\";"); }@@ -1425,11 +1438,27 @@ if(is_moderator($forum['fid'], "canopenclosethreads")) {+ if($thread['closed'])+ {+ $lang->open_close_thread = $lang->open_thread;+ }+ else+ {+ $lang->open_close_thread = $lang->close_thread;+ } eval("\$openclosethread = \"".$templates->get("showthread_moderationoptions_openclose")."\";"); } if(is_moderator($forum['fid'], "canstickunstickthreads")) {+ if($thread['sticky'])+ {+ $lang->stick_unstick_thread = $lang->unstick_thread;+ }+ else+ {+ $lang->stick_unstick_thread = $lang->stick_thread;+ } eval("\$stickunstickthread = \"".$templates->get("showthread_moderationoptions_stickunstick")."\";"); } @@ -1560,7 +1589,7 @@ $doneusers[$user['uid']] = $user['time']; $invisiblemark = '';- if($user['invisible'] == 1 && $mybb->usergroup['canbeinvisible'] == 1)+ if($user['invisible'] == 1) { $invisiblemark = "*"; ++$inviscount;
Vulnerability Existed: yes
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - showthread.php [1326]
[Old Code]
```php
$thread['notes'] = my_substr($thread['notes'], 0, 200)."... {$viewnotes}";
```
[Fixed Code]
```php
$thread['notes'] = my_substr($thread['notes'], 0, 200)."... {$viewnotes}";
```
Vulnerability Existed: yes
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - showthread.php [1560]
[Old Code]
```php
if($user['invisible'] == 1 && $mybb->usergroup['canbeinvisible'] == 1)
```
[Fixed Code]
```php
if($user['invisible'] == 1)
```
Note: While the diff shows changes to template variables and conditional checks, the actual security vulnerabilities exist in the unchanged lines where user input ($thread['notes'] and $user['invisible']) is not properly sanitized before output. The function context shows that my_substr handles entities, but the overall output encoding context is unclear. The removal of the 'canbeinvisible' check could potentially expose invisible user information.
--- cache/mybb_mybb_1839/inc/functions_search.php 2025-11-13 17:29:22.662142242 +0000+++ cache/mybb_mybb_1839_build/inc/functions_search.php 2025-11-13 17:29:23.428190772 +0000@@ -1421,7 +1421,7 @@ $query = $db->query(" SELECT t.tid, t.firstpost FROM ".TABLE_PREFIX."threads t- WHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} AND ({$unapproved_where_t}) {$subject_lookin}+ WHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} {$subject_lookin} {$limitsql} "); while($thread = $db->fetch_array($query))@@ -1772,7 +1772,7 @@ $query = $db->query(" SELECT t.tid, t.firstpost FROM ".TABLE_PREFIX."threads t- WHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} AND ({$unapproved_where_t}) {$subject_lookin}+ WHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} {$subject_lookin} {$limitsql} "); while($thread = $db->fetch_array($query))
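Review bot: Both hunks (1421 and 1772) drop `AND ({$unapproved_where_t})` from the subject query, which leaves the approval and visibility restriction on threads to `{$visiblesql}` and `{$permsql}`; how those fragments are built is outside the diff. If neither already restricts unapproved or soft-deleted threads for the current user, search results could list threads the viewer is not allowed to see. Please confirm that or keep the clause, and note that this diff runs from `mybb_mybb_1839` to `mybb_mybb_1839_build`, so it may be showing a fix in reverse. The query also gains `{$limitsql}`, and every fragment is interpolated into the SQL string, so each one has to be assembled from cast or escaped values upstream.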
Vulnerability Existed: yes
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - inc/functions_search.php [1421, 1772]
Old Code:
```sql
WHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} AND ({$unapproved_where_t}) {$subject_lookin}
```
Fixed Code:
```sql
WHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} {$subject_lookin}
```
--- cache/mybb_mybb_1839/install/upgrade.php 2025-11-13 17:29:22.685143699 +0000+++ cache/mybb_mybb_1839_build/install/upgrade.php 2025-11-13 17:29:23.470193433 +0000@@ -422,16 +422,8 @@ $bits = explode("_", $mybb->input['action'], 2); if(!empty($bits[1])) // We're still running a module {- if(ctype_alnum($bits[0]))- {- $from = $bits[0];- }- else- {- $from = 0;- }-- $runfunction = next_function($from, $bits[1]);+ $from = $bits[0];+ $runfunction = next_function($bits[0], $bits[1]); } }@@ -768,11 +760,6 @@ { global $oldvers, $system_upgrade_detail, $currentscript, $cache; - if(!ctype_alnum($from))- {- $from = 0;- }- load_module("upgrade".$from.".php"); if(function_exists("upgrade".$from."_".$func)) {
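Review bot: After this change `$from` is taken directly from `$mybb->input['action']` and reaches `load_module("upgrade".$from.".php")` with neither of the two `ctype_alnum()` checks left, so a request parameter now controls part of a file name that is presumably included. The guard should remain in at least one place, preferably right before the path is built in the second hunk: `if(!ctype_alnum($from)) { $from = 0; }`. The diff direction (`mybb_mybb_1839` to `mybb_mybb_1839_build`) suggests the hardened code may be the side being removed, which is worth checking before relying on the build tree. The function in the second hunk, apparently `next_function`, starts and ends outside it.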
Vulnerability Existed: yes
CWE-20 - Improper Input Validation - install/upgrade.php [422-432]
[Old Code]
$bits = explode("_", $mybb->input['action'], 2);
if(!empty($bits[1])) // We're still running a module
{
if(ctype_alnum($bits[0]))
{
$from = $bits[0];
}
else
{
$from = 0;
}
$runfunction = next_function($from, $bits[1]);
}
[Fixed Code]
$bits = explode("_", $mybb->input['action'], 2);
if(!empty($bits[1])) // We're still running a module
{
$from = $bits[0];
$runfunction = next_function($bits[0], $bits[1]);
}
Vulnerability Existed: yes
CWE-20 - Improper Input Validation - install/upgrade.php [768-771]
[Old Code]
{
global $oldvers, $system_upgrade_detail, $currentscript, $cache;
if(!ctype_alnum($from))
{
$from = 0;
}
load_module("upgrade".$from.".php");
[Fixed Code]
{
global $oldvers, $system_upgrade_detail, $currentscript, $cache;
load_module("upgrade".$from.".php");
--- cache/mybb_mybb_1838_build/admin/inc/class_page.php 2025-11-13 17:29:36.642028011 +0000+++ cache/mybb_mybb_1839/admin/inc/class_page.php 2025-11-13 17:29:22.619139518 +0000@@ -422,7 +422,7 @@ } // Make query string nice and pretty so that user can go to his/her preferred destination $query_string = '';- if($_SERVER['QUERY_STRING'])+ if(isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != '') { $query_string = '?'.preg_replace('#adminsid=(.{32})#i', '', $_SERVER['QUERY_STRING']); $query_string = preg_replace('#my_post_key=(.{32})#i', '', $query_string);
Vulnerability Existed: yes CWE-473 - PHP External Variable Modification - admin/inc/class_page.php [422] Old Code: ```php if($_SERVER['QUERY_STRING']) ``` Fixed Code: ```php if(isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != '') ```
--- cache/mybb_mybb_1838_build/admin/inc/functions.php 2025-11-13 17:29:36.642028011 +0000+++ cache/mybb_mybb_1839/admin/inc/functions.php 2025-11-13 17:29:22.620139581 +0000@@ -528,6 +528,7 @@ switch($mysql_encoding[0]) { case "utf8":+ case "utf8mb3": return "utf-8"; break; case "latin1":@@ -881,4 +882,4 @@ </p> </div> HTML;-}\ No newline at end of file+}
Vulnerability Existed: not sure
[CWE-Unknown] - Unknown - admin/inc/functions.php 528-532
[Old Code]
```php
switch($mysql_encoding[0])
{
case "utf8":
return "utf-8";
break;
```
[Fixed Code]
```php
switch($mysql_encoding[0])
{
case "utf8":
case "utf8mb3":
return "utf-8";
break;
```
--- cache/mybb_mybb_1838_build/admin/modules/config/calendars.php 2025-11-13 17:29:36.653028708 +0000+++ cache/mybb_mybb_1839/admin/modules/config/calendars.php 2025-11-13 17:29:22.631140278 +0000@@ -426,10 +426,13 @@ foreach($mybb->input['disporder'] as $cid => $order) {- $update_query = array(- "disporder" => (int)$order- );- $db->update_query("calendars", $update_query, "cid='".(int)$cid."'");+ if(is_numeric($order) && (int)$order >= 0)+ {+ $update_query = array(+ "disporder" => (int)$order+ );+ $db->update_query("calendars", $update_query, "cid='".(int)$cid."'");+ } } $plugins->run_hooks("admin_config_calendars_update_order_commit");
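Review bot: `is_numeric($order)` in the new guard also accepts values such as `"1e3"`, `"1.5"` or a string with leading whitespace, which `(int)` then turns into a number the admin did not type; for a non-negative integer field a stricter test fits better, e.g. `if(ctype_digit((string)$order))`. `$mybb->input['disporder']` is also iterated with no `is_array()` check visible in the hunk. Invalid entries are skipped silently, so a short comment or an error message would make that behaviour deliberate. The same guard is added in admin/modules/config/report_reasons.php and the remark applies there too.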
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - admin/modules/config/calendars.php [426-432]
Old Code:
```php
foreach($mybb->input['disporder'] as $cid => $order)
{
$update_query = array(
"disporder" => (int)$order
);
$db->update_query("calendars", $update_query, "cid='".(int)$cid."'");
}
```
Fixed Code:
```php
foreach($mybb->input['disporder'] as $cid => $order)
{
if(is_numeric($order) && (int)$order >= 0)
{
$update_query = array(
"disporder" => (int)$order
);
$db->update_query("calendars", $update_query, "cid='".(int)$cid."'");
}
}
```
--- cache/mybb_mybb_1838_build/admin/modules/config/plugins.php 2025-11-13 17:29:36.654028772 +0000+++ cache/mybb_mybb_1839/admin/modules/config/plugins.php 2025-11-13 17:29:22.632140341 +0000@@ -603,6 +603,8 @@ */ function get_plugins_list() {+ $plugins_list = array();+ // Get a list of the plugin files which exist in the plugins directory $dir = @opendir(MYBB_ROOT."inc/plugins/"); if($dir)
Vulnerability Existed: yes
CWE-434: Unrestricted Upload of File with Dangerous Type - CWE-434 - admin/modules/config/plugins.php Lines 603+
[Old Code]
function get_plugins_list()
{
// Get a list of the plugin files which exist in the plugins directory
$dir = @opendir(MYBB_ROOT."inc/plugins/");
if($dir)
[Fixed Code]
function get_plugins_list()
{
$plugins_list = array();
// Get a list of the plugin files which exist in the plugins directory
$dir = @opendir(MYBB_ROOT."inc/plugins/");
if($dir)
Vulnerability Existed: yes
CWE-200: Information Exposure - CWE-200 - admin/modules/config/plugins.php Lines 603+
[Old Code]
function get_plugins_list()
{
// Get a list of the plugin files which exist in the plugins directory
$dir = @opendir(MYBB_ROOT."inc/plugins/");
if($dir)
[Fixed Code]
function get_plugins_list()
{
$plugins_list = array();
// Get a list of the plugin files which exist in the plugins directory
$dir = @opendir(MYBB_ROOT."inc/plugins/");
if($dir)
Note: While the diff shows only the initialization of `$plugins_list`, the vulnerability context suggests this is part of a larger fix for arbitrary file upload/execution. The uninitialized variable could lead to unexpected behavior that might be exploited in combination with file upload functionality. The CWE-434 classification is based on the broader context of plugin file handling.
--- cache/mybb_mybb_1838_build/admin/modules/config/report_reasons.php 2025-11-13 17:29:36.654028772 +0000+++ cache/mybb_mybb_1839/admin/modules/config/report_reasons.php 2025-11-13 17:29:22.633140405 +0000@@ -294,7 +294,10 @@ { foreach($mybb->input['disporder'] as $rid => $order) {- $db->update_query("reportreasons", array('disporder' => (int)$order), "rid='".(int)$rid."'");+ if(is_numeric($order) && (int)$order >= 0)+ {+ $db->update_query("reportreasons", array('disporder' => (int)$order), "rid='".(int)$rid."'");+ } } $plugins->run_hooks("admin_config_report_reasons_start_commit");@@ -356,7 +359,7 @@ $form_container->output_cell(htmlspecialchars_uni($reasons['title'])); $form_container->output_cell(htmlspecialchars_uni($reasons['appliesto'])); $form_container->output_cell("<div>{$icon}</div>", array("class" => "align_center"));- $form_container->output_cell("<input type=\"text\" name=\"disporder[{$reasons['rid']}]\" value=\"{$reasons['disporder']}\" class=\"text_input align_center\" style=\"width: 80%;\" />", array("class" => "align_center"));+ $form_container->output_cell("<input type=\"number\" name=\"disporder[{$reasons['rid']}]\" value=\"{$reasons['disporder']}\" min=\"0\" class=\"text_input align_center\" style=\"width: 80%;\" />", array("class" => "align_center")); $popup = new PopupMenu("reasons_{$reasons['rid']}", $lang->options); $popup->add_item($lang->edit_reason, "index.php?module=config-report_reasons&action=edit&rid={$reasons['rid']}"); $popup->add_item($lang->delete_reason, "index.php?module=config-report_reasons&action=delete&rid={$reasons['rid']}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_reason_deletion}')");
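Review bot: In the second hunk (`@@ -356,7 +359,7 @@`) the switch to `type=\"number\"` with `min=\"0\"` only constrains the browser form. The server-side check in the first hunk remains the actual control, and a comment saying so would keep it from later being dropped as redundant. The same line still interpolates `{$reasons['disporder']}` and `{$reasons['rid']}` into attributes without a cast or escaping, unlike the neighbouring cells that go through `htmlspecialchars_uni()`. These are presumably integer columns, but casting at output, e.g. `value=\"".(int)$reasons['disporder']."\"`, removes the dependency on that assumption.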
Vulnerability Existed: yes
CWE-1284 - Improper Validation of Specified Quantity in Input - admin/modules/config/report_reasons.php [294-298]
Old Code:
```php
foreach($mybb->input['disporder'] as $rid => $order)
{
$db->update_query("reportreasons", array('disporder' => (int)$order), "rid='".(int)$rid."'");
}
```
Fixed Code:
```php
foreach($mybb->input['disporder'] as $rid => $order)
{
if(is_numeric($order) && (int)$order >= 0)
{
$db->update_query("reportreasons", array('disporder' => (int)$order), "rid='".(int)$rid."'");
}
}
```
Vulnerability Existed: yes
CWE-1284 - Improper Validation of Specified Quantity in Input - admin/modules/config/report_reasons.php [356]
Old Code:
```php
$form_container->output_cell("<input type=\"text\" name=\"disporder[{$reasons['rid']}]\" value=\"{$reasons['disporder']}\" class=\"text_input align_center\" style=\"width: 80%;\" />", array("class" => "align_center"));
```
Fixed Code:
```php
$form_container->output_cell("<input type=\"number\" name=\"disporder[{$reasons['rid']}]\" value=\"{$reasons['disporder']}\" min=\"0\" class=\"text_input align_center\" style=\"width: 80%;\" />", array("class" => "align_center"));
```
--- cache/mybb_mybb_1838_build/admin/modules/forum/management.php 2025-11-13 17:29:36.656028898 +0000+++ cache/mybb_mybb_1839/admin/modules/forum/management.php 2025-11-13 17:29:22.635140531 +0000@@ -1199,23 +1199,21 @@ foreach($usergroups as $usergroup) { $perms = array();- if(!empty($mybb->input['default_permissions'][$usergroup['gid']]))++ if(isset($existing_permissions) && is_array($existing_permissions) && $existing_permissions[$usergroup['gid']]) {- if(isset($existing_permissions) && is_array($existing_permissions) && $existing_permissions[$usergroup['gid']])- {- $perms = $existing_permissions[$usergroup['gid']];- $default_checked = false;- }- elseif(is_array($cached_forum_perms) && isset($forum_data['fid']) && !empty($cached_forum_perms[$forum_data['fid']][$usergroup['gid']]))- {- $perms = $cached_forum_perms[$forum_data['fid']][$usergroup['gid']];- $default_checked = true;- }- else if(is_array($cached_forum_perms) && isset($forum_data['fid']) && !empty($cached_forum_perms[$forum_data['pid']][$usergroup['gid']]))- {- $perms = $cached_forum_perms[$forum_data['pid']][$usergroup['gid']];- $default_checked = true;- }+ $perms = $existing_permissions[$usergroup['gid']];+ $default_checked = false;+ }+ elseif(is_array($cached_forum_perms) && isset($forum_data['fid']) && !empty($cached_forum_perms[$forum_data['fid']][$usergroup['gid']]))+ {+ $perms = $cached_forum_perms[$forum_data['fid']][$usergroup['gid']];+ $default_checked = true;+ }+ else if(is_array($cached_forum_perms) && isset($forum_data['pid']) && !empty($cached_forum_perms[$forum_data['pid']][$usergroup['gid']]))+ {+ $perms = $cached_forum_perms[$forum_data['pid']][$usergroup['gid']];+ $default_checked = true; } if(!$perms)@@ -2322,7 +2320,10 @@ { foreach($mybb->input['disporder'] as $update_fid => $order) {- $db->update_query("forums", array('disporder' => (int)$order), "fid='".(int)$update_fid."'");+ if(is_numeric($order) && (int)$order >= 0)+ {+ $db->update_query("forums", array('disporder' => 
(int)$order), "fid='".(int)$update_fid."'");+ } } $plugins->run_hooks("admin_forum_management_start_disporder_commit");@@ -3032,4 +3033,3 @@ $form_container->construct_row(); return $form_container->output_row_cells(0, true); }-
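Review bot: In the first hunk (`@@ -1199,23 +1199,21 @@`) the first branch still reads `$existing_permissions[$usergroup['gid']]` directly, so a group id missing from that array raises an undefined-key warning on PHP 8. The two `elseif` branches already use `!empty(...)`, and the first could match them: `if(isset($existing_permissions) && is_array($existing_permissions) && !empty($existing_permissions[$usergroup['gid']]))`. With the outer `default_permissions` wrapper gone, this chain now runs for every usergroup. A comment stating the precedence (`$existing_permissions`, then the cache entry for `fid`, then the one for `pid`) would make the intended fallback order explicit. The loop body continues past the hunk at `if(!$perms)`.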
Vulnerability Existed: yes
CWE-639: Authorization Bypass Through User-Controlled Key - CWE-639 - admin/modules/forum/management.php [1199-1221]
Old Code:
```php
if(!empty($mybb->input['default_permissions'][$usergroup['gid']]))
{
if(isset($existing_permissions) && is_array($existing_permissions) && $existing_permissions[$usergroup['gid']])
{
$perms = $existing_permissions[$usergroup['gid']];
$default_checked = false;
}
elseif(is_array($cached_forum_perms) && isset($forum_data['fid']) && !empty($cached_forum_perms[$forum_data['fid']][$usergroup['gid']]))
{
$perms = $cached_forum_perms[$forum_data['fid']][$usergroup['gid']];
$default_checked = true;
}
else if(is_array($cached_forum_perms) && isset($forum_data['fid']) && !empty($cached_forum_perms[$forum_data['pid']][$usergroup['gid']]))
{
$perms = $cached_forum_perms[$forum_data['pid']][$usergroup['gid']];
$default_checked = true;
}
}
```
Fixed Code:
```php
if(isset($existing_permissions) && is_array($existing_permissions) && $existing_permissions[$usergroup['gid']])
{
$perms = $existing_permissions[$usergroup['gid']];
$default_checked = false;
}
elseif(is_array($cached_forum_perms) && isset($forum_data['fid']) && !empty($cached_forum_perms[$forum_data['fid']][$usergroup['gid']]))
{
$perms = $cached_forum_perms[$forum_data['fid']][$usergroup['gid']];
$default_checked = true;
}
else if(is_array($cached_forum_perms) && isset($forum_data['pid']) && !empty($cached_forum_perms[$forum_data['pid']][$usergroup['gid']]))
{
$perms = $cached_forum_perms[$forum_data['pid']][$usergroup['gid']];
$default_checked = true;
}
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - admin/modules/forum/management.php [2322-2325]
Old Code:
```php
foreach($mybb->input['disporder'] as $update_fid => $order)
{
$db->update_query("forums", array('disporder' => (int)$order), "fid='".(int)$update_fid."'");
}
```
Fixed Code:
```php
foreach($mybb->input['disporder'] as $update_fid => $order)
{
if(is_numeric($order) && (int)$order >= 0)
{
$db->update_query("forums", array('disporder' => (int)$order), "fid='".(int)$update_fid."'");
}
}
```
--- cache/mybb_mybb_1838_build/admin/modules/tools/backupdb.php 2025-11-13 17:29:36.658029025 +0000+++ cache/mybb_mybb_1839/admin/modules/tools/backupdb.php 2025-11-13 17:29:22.637140658 +0000@@ -100,8 +100,9 @@ } $file = basename($mybb->input['file']);+ $ext = get_extension($file); - if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file))+ if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file) || filetype(MYBB_ADMIN_DIR.'backups/'.$file) != 'file' || ($ext != 'gz' && $ext != 'sql')) { flash_message($lang->error_backup_doesnt_exist, 'error'); admin_redirect("index.php?module=tools-backupdb");
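Review bot: The new condition builds `MYBB_ADMIN_DIR.'backups/'.$file` twice and compares with loose `!=`. Assigning the path once and using a strict allowlist keeps the checked path in one place: `$path = MYBB_ADMIN_DIR.'backups/'.$file;` followed by `... || filetype($path) !== 'file' || !in_array($ext, array('gz', 'sql'), true)`. Keep `filetype()` rather than swapping in `is_file()`: `filetype()` reports a symlink as `link`, so a symlink in the backups directory is refused, whereas `is_file()` follows it. Whether `get_extension()` lower-cases its result is not visible here, so handling of `.SQL`/`.GZ` names should be confirmed. The code that later uses `$file` is outside the hunk and should operate on the same path that was checked.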
Vulnerability Existed: yes
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - admin/modules/tools/backupdb.php [100-104]
Old Code:
```php
$file = basename($mybb->input['file']);
if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file))
```
Fixed Code:
```php
$file = basename($mybb->input['file']);
$ext = get_extension($file);
if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file) || filetype(MYBB_ADMIN_DIR.'backups/'.$file) != 'file' || ($ext != 'gz' && $ext != 'sql'))
```
Vulnerability Existed: yes
CWE-73 - External Control of File Name or Path - admin/modules/tools/backupdb.php [100-104]
Old Code:
```php
$file = basename($mybb->input['file']);
if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file))
```
Fixed Code:
```php
$file = basename($mybb->input['file']);
$ext = get_extension($file);
if(!trim($mybb->input['file']) || !file_exists(MYBB_ADMIN_DIR.'backups/'.$file) || filetype(MYBB_ADMIN_DIR.'backups/'.$file) != 'file' || ($ext != 'gz' && $ext != 'sql'))
```
--- cache/mybb_mybb_1838_build/admin/modules/user/groups.php 2025-11-13 17:29:36.661029215 +0000+++ cache/mybb_mybb_1839/admin/modules/user/groups.php 2025-11-13 17:29:22.639140785 +0000@@ -99,6 +99,8 @@ die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined."); } +$errors = array();+ $page->add_breadcrumb_item($lang->user_groups, "index.php?module=user-groups"); if($mybb->input['action'] == "add" || !$mybb->input['action'])@@ -341,7 +343,7 @@ } // No errors, insert- if(!$errors)+ if(empty($errors)) { $new_leader = array( "gid" => $group['gid'],@@ -466,7 +468,7 @@ $form = new Form("index.php?module=user-groups&action=add_leader&gid={$group['gid']}", "post"); - if($errors)+ if(!empty($errors)) { $page->output_inline_error($errors); }@@ -483,9 +485,9 @@ $form_container = new FormContainer($lang->add_group_leader.' '.htmlspecialchars_uni($group['title'])); $form_container->output_row($lang->username." <em>*</em>", "", $form->generate_text_box('username', htmlspecialchars_uni($mybb->get_input('username')), array('id' => 'username')), 'username');- $form_container->output_row($lang->can_manage_group_members, $lang->can_manage_group_members_desc, $form->generate_yes_no_radio('canmanagemembers', $mybb->input['canmanagemembers']));- $form_container->output_row($lang->can_manage_group_join_requests, $lang->can_manage_group_join_requests_desc, $form->generate_yes_no_radio('canmanagerequests', $mybb->input['canmanagerequests']));- $form_container->output_row($lang->can_invite_group_members, $lang->can_invite_group_members_desc, $form->generate_yes_no_radio('caninvitemembers', $mybb->input['caninvitemembers']));+ $form_container->output_row($lang->can_manage_group_members, $lang->can_manage_group_members_desc, $form->generate_yes_no_radio('canmanagemembers', $mybb->get_input('canmanagemembers', MyBB::INPUT_INT)));+ $form_container->output_row($lang->can_manage_group_join_requests, $lang->can_manage_group_join_requests_desc, 
$form->generate_yes_no_radio('canmanagerequests', $mybb->get_input('canmanagerequests', MyBB::INPUT_INT)));+ $form_container->output_row($lang->can_invite_group_members, $lang->can_invite_group_members_desc, $form->generate_yes_no_radio('caninvitemembers', $mybb->get_input('caninvitemembers', MyBB::INPUT_INT))); $form_container->output_row($lang->make_user_member, $lang->make_user_member_desc, $form->generate_yes_no_radio('makeleadermember', $mybb->input['makeleadermember'])); $form_container->end(); 
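Review bot: In the `@@ -483,9 +485,9 @@` hunk three of the four yes/no radios now read their value through `$mybb->get_input(..., MyBB::INPUT_INT)`, but `makeleadermember` on the following line still passes `$mybb->input['makeleadermember']` raw. An unset or array-valued parameter therefore reaches `generate_yes_no_radio()` unchanged. For consistency it should read `$form->generate_yes_no_radio('makeleadermember', $mybb->get_input('makeleadermember', MyBB::INPUT_INT))`. The same gap is visible in the `@@ -1082,17 +1084,17 @@` hunk, where `joinable` and `invite` keep `$mybb->input[...]` while `moderate` and `candisplaygroup` were converted. If those were left on purpose, a comment saying why would help.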
@@ -625,7 +627,7 @@ admin_redirect("index.php?module=user-groups&action=leaders&gid={$group['gid']}"); } - if(!$errors)+ if(empty($errors)) { $mybb->input = array_merge($mybb->input, $leader); }@@ -650,9 +652,9 @@ $form_container = new FormContainer($lang->edit_group_leader); $form_container->output_row($lang->username." <em>*</em>", "", $leader['username']); - $form_container->output_row($lang->can_manage_group_members, $lang->can_manage_group_members_desc, $form->generate_yes_no_radio('canmanagemembers', $mybb->input['canmanagemembers']));- $form_container->output_row($lang->can_manage_group_join_requests, $lang->can_manage_group_join_requests_desc, $form->generate_yes_no_radio('canmanagerequests', $mybb->input['canmanagerequests']));- $form_container->output_row($lang->can_invite_group_members, $lang->can_invite_group_members_desc, $form->generate_yes_no_radio('caninvitemembers', $mybb->input['caninvitemembers']));+ $form_container->output_row($lang->can_manage_group_members, $lang->can_manage_group_members_desc, $form->generate_yes_no_radio('canmanagemembers', $mybb->get_input('canmanagemembers', MyBB::INPUT_INT)));+ $form_container->output_row($lang->can_manage_group_join_requests, $lang->can_manage_group_join_requests_desc, $form->generate_yes_no_radio('canmanagerequests', $mybb->get_input('canmanagerequests', MyBB::INPUT_INT)));+ $form_container->output_row($lang->can_invite_group_members, $lang->can_invite_group_members_desc, $form->generate_yes_no_radio('caninvitemembers', $mybb->get_input('caninvitemembers', MyBB::INPUT_INT))); $buttons[] = $form->generate_submit_button($lang->save_group_leader); $form_container->end();@@ -678,7 +680,7 @@ $errors[] = $lang->error_missing_namestyle_username; } - if(!$errors)+ if(empty($errors)) { if($mybb->get_input('stars') < 1) {@@ -762,7 +764,7 @@ $page->output_nav_tabs($sub_tabs, 'add_group'); $form = new Form("index.php?module=user-groups&action=add", "post"); - if($errors)+ if(!empty($errors)) { 
$page->output_inline_error($errors); }@@ -834,7 +836,7 @@ $errors[] = $lang->error_cannot_have_both_types; } - if(!$errors)+ if(empty($errors)) { if($mybb->get_input('joinable') == 1) {@@ -1001,7 +1003,7 @@ $page->output_nav_tabs($sub_tabs, 'edit_group'); // If we have any error messages, show them- if($errors)+ if(!empty($errors)) { $page->output_inline_error($errors); }@@ -1069,12 +1071,12 @@ $form_container->output_row($lang->group_image, $lang->group_image_desc, $form->generate_text_box('image', $mybb->input['image'], array('id' => 'image')), 'image'); $general_options = array();- $general_options[] = $form->generate_check_box("showmemberlist", 1, $lang->member_list, array("checked" => $mybb->input['showmemberlist']));+ $general_options[] = $form->generate_check_box("showmemberlist", 1, $lang->member_list, array("checked" => $mybb->get_input('showmemberlist', MyBB::INPUT_INT))); if($usergroup['gid'] != "1" && $usergroup['gid'] != "5") {- $general_options[] = $form->generate_check_box("showforumteam", 1, $lang->forum_team, array("checked" => $mybb->input['showforumteam']));+ $general_options[] = $form->generate_check_box("showforumteam", 1, $lang->forum_team, array("checked" => $mybb->get_input('showforumteam', MyBB::INPUT_INT))); }- $general_options[] = $form->generate_check_box("isbannedgroup", 1, $lang->is_banned_group, array("checked" => $mybb->input['isbannedgroup']));+ $general_options[] = $form->generate_check_box("isbannedgroup", 1, $lang->is_banned_group, array("checked" => $mybb->get_input('isbannedgroup', MyBB::INPUT_INT))); $form_container->output_row($lang->general_options, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $general_options)."</div>"); 
@@ -1082,17 +1084,17 @@ { $public_options = array( $form->generate_check_box("joinable", 1, $lang->user_joinable, array("checked" => $mybb->input['joinable'])),- $form->generate_check_box("moderate", 1, $lang->moderate_join_requests, array("checked" => $mybb->input['moderate'])),+ $form->generate_check_box("moderate", 1, $lang->moderate_join_requests, array("checked" => $mybb->get_input('moderate', MyBB::INPUT_INT))), $form->generate_check_box("invite", 1, $lang->invite_only, array("checked" => $mybb->input['invite'])),- $form->generate_check_box("candisplaygroup", 1, $lang->can_set_as_display_group, array("checked" => $mybb->input['candisplaygroup'])),+ $form->generate_check_box("candisplaygroup", 1, $lang->can_set_as_display_group, array("checked" => $mybb->get_input('candisplaygroup', MyBB::INPUT_INT))), ); $form_container->output_row($lang->publicly_joinable_options, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $public_options)."</div>"); } $admin_options = array(- $form->generate_check_box("issupermod", 1, $lang->is_super_mod, array("checked" => $mybb->input['issupermod'])),- $form->generate_check_box("canmodcp", 1, $lang->can_access_mod_cp, array("checked" => $mybb->input['canmodcp'])),- $form->generate_check_box("cancp", 1, $lang->can_access_admin_cp, array("checked" => $mybb->input['cancp']))+ $form->generate_check_box("issupermod", 1, $lang->is_super_mod, array("checked" => $mybb->get_input('issupermod', MyBB::INPUT_INT))),+ $form->generate_check_box("canmodcp", 1, $lang->can_access_mod_cp, array("checked" => $mybb->get_input('canmodcp', MyBB::INPUT_INT))),+ $form->generate_check_box("cancp", 1, $lang->can_access_admin_cp, array("checked" => $mybb->get_input('cancp', MyBB::INPUT_INT))) ); $form_container->output_row($lang->moderation_administration_options, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $admin_options)."</div>"); 
@@ -1106,40 +1108,40 @@ $form_container = new FormContainer($lang->forums_posts); $viewing_options = array(- $form->generate_check_box("canview", 1, $lang->can_view_board, array("checked" => $mybb->input['canview'])),- $form->generate_check_box("canviewthreads", 1, $lang->can_view_threads, array("checked" => $mybb->input['canviewthreads'])),- $form->generate_check_box("cansearch", 1, $lang->can_search_forums, array("checked" => $mybb->input['cansearch'])),- $form->generate_check_box("canviewprofiles", 1, $lang->can_view_profiles, array("checked" => $mybb->input['canviewprofiles'])),- $form->generate_check_box("candlattachments", 1, $lang->can_download_attachments, array("checked" => $mybb->input['candlattachments'])),- $form->generate_check_box("canviewboardclosed", 1, $lang->can_view_board_closed, array("checked" => $mybb->input['canviewboardclosed']))+ $form->generate_check_box("canview", 1, $lang->can_view_board, array("checked" => $mybb->get_input('canview', MyBB::INPUT_INT))),+ $form->generate_check_box("canviewthreads", 1, $lang->can_view_threads, array("checked" => $mybb->get_input('canviewthreads', MyBB::INPUT_INT))),+ $form->generate_check_box("cansearch", 1, $lang->can_search_forums, array("checked" => $mybb->get_input('cansearch', MyBB::INPUT_INT))),+ $form->generate_check_box("canviewprofiles", 1, $lang->can_view_profiles, array("checked" => $mybb->get_input('canviewprofiles', MyBB::INPUT_INT))),+ $form->generate_check_box("candlattachments", 1, $lang->can_download_attachments, array("checked" => $mybb->get_input('candlattachments', MyBB::INPUT_INT))),+ $form->generate_check_box("canviewboardclosed", 1, $lang->can_view_board_closed, array("checked" => $mybb->get_input('canviewboardclosed', MyBB::INPUT_INT))) ); $form_container->output_row($lang->viewing_options, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $viewing_options)."</div>"); $posting_options = array(- $form->generate_check_box("canpostthreads", 
1, $lang->can_post_threads, array("checked" => $mybb->input['canpostthreads'])),- $form->generate_check_box("canpostreplys", 1, $lang->can_post_replies, array("checked" => $mybb->input['canpostreplys'])),- $form->generate_check_box("canratethreads", 1, $lang->can_rate_threads, array("checked" => $mybb->input['canratethreads'])),+ $form->generate_check_box("canpostthreads", 1, $lang->can_post_threads, array("checked" => $mybb->get_input('canpostthreads', MyBB::INPUT_INT))),+ $form->generate_check_box("canpostreplys", 1, $lang->can_post_replies, array("checked" => $mybb->get_input('canpostreplys', MyBB::INPUT_INT))),+ $form->generate_check_box("canratethreads", 1, $lang->can_rate_threads, array("checked" => $mybb->get_input('canratethreads', MyBB::INPUT_INT))), "{$lang->max_posts_per_day}<br /><small class=\"input\">{$lang->max_posts_per_day_desc}</small><br />".$form->generate_numeric_field('maxposts', $mybb->input['maxposts'], array('id' => 'maxposts', 'class' => 'field50', 'min' => 0)) ); $form_container->output_row($lang->posting_rating_options, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $posting_options)."</div>"); $moderator_options = array(- $form->generate_check_box("modposts", 1, $lang->mod_new_posts, array("checked" => $mybb->input['modposts'])),- $form->generate_check_box("modthreads", 1, $lang->mod_new_threads, array("checked" => $mybb->input['modthreads'])),- $form->generate_check_box("modattachments", 1, $lang->mod_new_attachments, array("checked" => $mybb->input['modattachments'])),- $form->generate_check_box("mod_edit_posts", 1, $lang->mod_after_edit, array("checked" => $mybb->input['mod_edit_posts']))+ $form->generate_check_box("modposts", 1, $lang->mod_new_posts, array("checked" => $mybb->get_input('modposts', MyBB::INPUT_INT))),+ $form->generate_check_box("modthreads", 1, $lang->mod_new_threads, array("checked" => $mybb->get_input('modthreads', MyBB::INPUT_INT))),+ 
$form->generate_check_box("modattachments", 1, $lang->mod_new_attachments, array("checked" => $mybb->get_input('modattachments', MyBB::INPUT_INT))),+ $form->generate_check_box("mod_edit_posts", 1, $lang->mod_after_edit, array("checked" => $mybb->get_input('mod_edit_posts', MyBB::INPUT_INT))) ); $form_container->output_row($lang->moderation_options, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $moderator_options)."</div>"); $poll_options = array(- $form->generate_check_box("canpostpolls", 1, $lang->can_post_polls, array("checked" => $mybb->input['canpostpolls'])),- $form->generate_check_box("canvotepolls", 1, $lang->can_vote_polls, array("checked" => $mybb->input['canvotepolls'])),- $form->generate_check_box("canundovotes", 1, $lang->can_undo_votes, array("checked" => $mybb->input['canundovotes']))+ $form->generate_check_box("canpostpolls", 1, $lang->can_post_polls, array("checked" => $mybb->get_input('canpostpolls', MyBB::INPUT_INT))),+ $form->generate_check_box("canvotepolls", 1, $lang->can_vote_polls, array("checked" => $mybb->get_input('canvotepolls', MyBB::INPUT_INT))),+ $form->generate_check_box("canundovotes", 1, $lang->can_undo_votes, array("checked" => $mybb->get_input('canundovotes', MyBB::INPUT_INT))) ); $form_container->output_row($lang->poll_options, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $poll_options)."</div>"); $attachment_options = array(- $form->generate_check_box("canpostattachments", 1, $lang->can_post_attachments, array("checked" => $mybb->input['canpostattachments'])),+ $form->generate_check_box("canpostattachments", 1, $lang->can_post_attachments, array("checked" => $mybb->get_input('canpostattachments', MyBB::INPUT_INT))), "{$lang->attach_quota}<br /><small class=\"input\">{$lang->attach_quota_desc}</small><br />".$form->generate_numeric_field('attachquota', $mybb->input['attachquota'], array('id' => 'attachquota', 'class' => 'field50', 'min' 
=> 0)). "KB" ); $form_container->output_row($lang->attachment_options, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $attachment_options)."</div>");@@ -1148,11 +1150,11 @@ if($usergroup['gid'] != 1) { $editing_options = array(- $form->generate_check_box("caneditposts", 1, $lang->can_edit_posts, array("checked" => $mybb->input['caneditposts'])),- $form->generate_check_box("candeleteposts", 1, $lang->can_delete_posts, array("checked" => $mybb->input['candeleteposts'])),- $form->generate_check_box("candeletethreads", 1, $lang->can_delete_threads, array("checked" => $mybb->input['candeletethreads'])),- $form->generate_check_box("caneditattachments", 1, $lang->can_edit_attachments, array("checked" => $mybb->input['caneditattachments'])),- $form->generate_check_box("canviewdeletionnotice", 1, $lang->can_view_deletion_notices, array("checked" => $mybb->input['canviewdeletionnotice'])),+ $form->generate_check_box("caneditposts", 1, $lang->can_edit_posts, array("checked" => $mybb->get_input('caneditposts', MyBB::INPUT_INT))),+ $form->generate_check_box("candeleteposts", 1, $lang->can_delete_posts, array("checked" => $mybb->get_input('candeleteposts', MyBB::INPUT_INT))),+ $form->generate_check_box("candeletethreads", 1, $lang->can_delete_threads, array("checked" => $mybb->get_input('candeletethreads', MyBB::INPUT_INT))),+ $form->generate_check_box("caneditattachments", 1, $lang->can_edit_attachments, array("checked" => $mybb->get_input('caneditattachments', MyBB::INPUT_INT))),+ $form->generate_check_box("canviewdeletionnotice", 1, $lang->can_view_deletion_notices, array("checked" => $mybb->get_input('canviewdeletionnotice', MyBB::INPUT_INT))), "{$lang->edit_time_limit}<br /><small class=\"input\">{$lang->edit_time_limit_desc}</small><br />".$form->generate_numeric_field('edittimelimit', $mybb->input['edittimelimit'], array('id' => 'edittimelimit', 'class' => 'field50', 'min' => 0)) ); 
$form_container->output_row($lang->editing_deleting_options, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $editing_options)."</div>");@@ -1168,23 +1170,23 @@ $form_container = new FormContainer($lang->users_permissions); $account_options = array(- $form->generate_check_box("canbereported", 1, $lang->can_be_reported, array("checked" => $mybb->input['canbereported'])),- $form->generate_check_box("canbeinvisible", 1, $lang->can_be_invisible, array("checked" => $mybb->input['canbeinvisible'])),- $form->generate_check_box("canusercp", 1, $lang->can_access_usercp, array("checked" => $mybb->input['canusercp'])),- $form->generate_check_box("canchangename", 1, $lang->can_change_username, array("checked" => $mybb->input['canchangename'])),- $form->generate_check_box("cancustomtitle", 1, $lang->can_use_usertitles, array("checked" => $mybb->input['cancustomtitle'])),- $form->generate_check_box("canuploadavatars", 1, $lang->can_upload_avatars, array("checked" => $mybb->input['canuploadavatars'])),- $form->generate_check_box("canusesig", 1, $lang->can_use_signature, array("checked" => $mybb->input['canusesig'])),- $form->generate_check_box("signofollow", 1, $lang->uses_no_follow, array("checked" => $mybb->input['signofollow'])),- $form->generate_check_box("canchangewebsite", 1, $lang->can_change_website, array("checked" => $mybb->input['canchangewebsite'])),- "{$lang->required_posts}<br /><small class=\"input\">{$lang->required_posts_desc}</small><br />".$form->generate_numeric_field('canusesigxposts', $mybb->input['canusesigxposts'], array('id' => 'canusesigxposts', 'class' => 'field50', 'min' => 0))+ $form->generate_check_box("canbereported", 1, $lang->can_be_reported, array("checked" => $mybb->get_input('canbereported', MyBB::INPUT_INT))),+ $form->generate_check_box("canbeinvisible", 1, $lang->can_be_invisible, array("checked" => $mybb->get_input('canbeinvisible', MyBB::INPUT_INT))),+ $form->generate_check_box("canusercp", 1, 
$lang->can_access_usercp, array("checked" => $mybb->get_input('canusercp', MyBB::INPUT_INT))),+ $form->generate_check_box("canchangename", 1, $lang->can_change_username, array("checked" => $mybb->get_input('canchangename', MyBB::INPUT_INT))),+ $form->generate_check_box("cancustomtitle", 1, $lang->can_use_usertitles, array("checked" => $mybb->get_input('cancustomtitle', MyBB::INPUT_INT))),+ $form->generate_check_box("canuploadavatars", 1, $lang->can_upload_avatars, array("checked" => $mybb->get_input('canuploadavatars', MyBB::INPUT_INT))),+ $form->generate_check_box("canusesig", 1, $lang->can_use_signature, array("checked" => $mybb->get_input('canusesig', MyBB::INPUT_INT))),+ $form->generate_check_box("signofollow", 1, $lang->uses_no_follow, array("checked" => $mybb->get_input('signofollow', MyBB::INPUT_INT))),+ $form->generate_check_box("canchangewebsite", 1, $lang->can_change_website, array("checked" => $mybb->get_input('canchangewebsite', MyBB::INPUT_INT))),+ "{$lang->required_posts}<br /><small class=\"input\">{$lang->required_posts_desc}</small><br />".$form->generate_numeric_field('canusesigxposts', $mybb->get_input('canusesigxposts', MyBB::INPUT_INT), array('id' => 'canusesigxposts', 'class' => 'field50', 'min' => 0)) ); $form_container->output_row($lang->account_management, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $account_options)."</div>"); $reputation_options = array(- $form->generate_check_box("usereputationsystem", 1, $lang->show_reputations, array("checked" => $mybb->input['usereputationsystem'])),- $form->generate_check_box("cangivereputations", 1, $lang->can_give_reputation, array("checked" => $mybb->input['cangivereputations'])),- $form->generate_check_box("candeletereputations", 1, $lang->can_delete_own_reputation, array("checked" => $mybb->input['candeletereputations'])),+ $form->generate_check_box("usereputationsystem", 1, $lang->show_reputations, array("checked" => 
$mybb->get_input('usereputationsystem', MyBB::INPUT_INT))),+ $form->generate_check_box("cangivereputations", 1, $lang->can_give_reputation, array("checked" => $mybb->get_input('cangivereputations', MyBB::INPUT_INT))),+ $form->generate_check_box("candeletereputations", 1, $lang->can_delete_own_reputation, array("checked" => $mybb->get_input('candeletereputations', MyBB::INPUT_INT))), "{$lang->points_to_award_take}<br /><small class=\"input\">{$lang->points_to_award_take_desc}</small><br />".$form->generate_numeric_field('reputationpower', $mybb->input['reputationpower'], array('id' => 'reputationpower', 'class' => 'field50', 'min' => 0)), "{$lang->max_reputations_perthread}<br /><small class=\"input\">{$lang->max_reputations_perthread_desc}</small><br />".$form->generate_numeric_field('maxreputationsperthread', $mybb->input['maxreputationsperthread'], array('id' => 'maxreputationsperthread', 'class' => 'field50', 'min' => 0)), "{$lang->max_reputations_peruser}<br /><small class=\"input\">{$lang->max_reputations_peruser_desc}</small><br />".$form->generate_numeric_field('maxreputationsperuser', $mybb->input['maxreputationsperuser'], array('id' => 'maxreputationsperuser', 'class' => 'field50', 'min' => 0)),@@ -1193,18 +1195,18 @@ $form_container->output_row($lang->reputation_system, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $reputation_options)."</div>"); $warning_options = array(- $form->generate_check_box("canwarnusers", 1, $lang->can_send_warnings, array("checked" => $mybb->input['canwarnusers'])),- $form->generate_check_box("canreceivewarnings", 1, $lang->can_receive_warnings, array("checked" => $mybb->input['canreceivewarnings'])),+ $form->generate_check_box("canwarnusers", 1, $lang->can_send_warnings, array("checked" => $mybb->get_input('canwarnusers', MyBB::INPUT_INT))),+ $form->generate_check_box("canreceivewarnings", 1, $lang->can_receive_warnings, array("checked" => $mybb->get_input('canreceivewarnings', 
MyBB::INPUT_INT))), "{$lang->warnings_per_day}<br />".$form->generate_numeric_field('maxwarningsday', $mybb->input['maxwarningsday'], array('id' => 'maxwarningsday', 'class' => 'field50')) ); $form_container->output_row($lang->warning_system, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $warning_options)."</div>"); $pm_options = array(- $form->generate_check_box("canusepms", 1, $lang->can_use_pms, array("checked" => $mybb->input['canusepms'])),- $form->generate_check_box("cansendpms", 1, $lang->can_send_pms, array("checked" => $mybb->input['cansendpms'])),- $form->generate_check_box("canoverridepm", 1, $lang->can_override_pms, array("checked" => $mybb->input['canoverridepm'])),- $form->generate_check_box("cantrackpms", 1, $lang->can_track_pms, array("checked" => $mybb->input['cantrackpms'])),- $form->generate_check_box("candenypmreceipts", 1, $lang->can_deny_reciept, array("checked" => $mybb->input['candenypmreceipts'])),+ $form->generate_check_box("canusepms", 1, $lang->can_use_pms, array("checked" => $mybb->get_input('canusepms', MyBB::INPUT_INT))),+ $form->generate_check_box("cansendpms", 1, $lang->can_send_pms, array("checked" => $mybb->get_input('cansendpms', MyBB::INPUT_INT))),+ $form->generate_check_box("canoverridepm", 1, $lang->can_override_pms, array("checked" => $mybb->get_input('canoverridepm', MyBB::INPUT_INT))),+ $form->generate_check_box("cantrackpms", 1, $lang->can_track_pms, array("checked" => $mybb->get_input('cantrackpms', MyBB::INPUT_INT))),+ $form->generate_check_box("candenypmreceipts", 1, $lang->can_deny_reciept, array("checked" => $mybb->get_input('candenypmreceipts', MyBB::INPUT_INT))), "{$lang->message_quota}<br /><small>{$lang->message_quota_desc}</small><br />".$form->generate_numeric_field('pmquota', $mybb->input['pmquota'], array('id' => 'pmquota', 'class' => 'field50', 'min' => 0)), "{$lang->max_recipients}<br /><small>{$lang->max_recipients_desc}</small><br 
/>".$form->generate_numeric_field('maxpmrecipients', $mybb->input['maxpmrecipients'], array('id' => 'maxpmrecipients', 'class' => 'field50', 'min' => 0)) );@@ -1220,25 +1222,25 @@ $form_container = new FormContainer($lang->misc); $calendar_options = array(- $form->generate_check_box("canviewcalendar", 1, $lang->can_view_calendar, array("checked" => $mybb->input['canviewcalendar'])),- $form->generate_check_box("canaddevents", 1, $lang->can_post_events, array("checked" => $mybb->input['canaddevents'])),- $form->generate_check_box("canbypasseventmod", 1, $lang->can_bypass_event_moderation, array("checked" => $mybb->input['canbypasseventmod'])),- $form->generate_check_box("canmoderateevents", 1, $lang->can_moderate_events, array("checked" => $mybb->input['canmoderateevents']))+ $form->generate_check_box("canviewcalendar", 1, $lang->can_view_calendar, array("checked" => $mybb->get_input('canviewcalendar', MyBB::INPUT_INT))),+ $form->generate_check_box("canaddevents", 1, $lang->can_post_events, array("checked" => $mybb->get_input('canaddevents', MyBB::INPUT_INT))),+ $form->generate_check_box("canbypasseventmod", 1, $lang->can_bypass_event_moderation, array("checked" => $mybb->get_input('canbypasseventmod', MyBB::INPUT_INT))),+ $form->generate_check_box("canmoderateevents", 1, $lang->can_moderate_events, array("checked" => $mybb->get_input('canmoderateevents', MyBB::INPUT_INT))) ); $form_container->output_row($lang->calendar, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $calendar_options)."</div>"); $wol_options = array(- $form->generate_check_box("canviewonline", 1, $lang->can_view_whos_online, array("checked" => $mybb->input['canviewonline'])),- $form->generate_check_box("canviewwolinvis", 1, $lang->can_view_invisible, array("checked" => $mybb->input['canviewwolinvis'])),- $form->generate_check_box("canviewonlineips", 1, $lang->can_view_ips, array("checked" => $mybb->input['canviewonlineips']))+ 
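Review bot: The numeric fields in `$warning_options` and `$pm_options` still read `$mybb->input[...]` directly (`maxwarningsday`, `pmquota`, `maxpmrecipients`), so only the checkboxes in this hunk get the integer cast of `get_input(..., MyBB::INPUT_INT)`. The same applies to `maxemails` and `emailfloodtime` in the `@@ -1220` hunk. Assuming these settings are integers, as the numeric fields suggest, I would read them the same way, e.g. `$mybb->get_input('maxwarningsday', MyBB::INPUT_INT)`. `maxwarningsday` is also the only one of these fields without `'min' => 0` in its options array. Whether `generate_numeric_field` escapes its value is not visible here, and the arrays sit in a block that starts outside the hunk.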
$form->generate_check_box("canviewonline", 1, $lang->can_view_whos_online, array("checked" => $mybb->get_input('canviewonline', MyBB::INPUT_INT))),+ $form->generate_check_box("canviewwolinvis", 1, $lang->can_view_invisible, array("checked" => $mybb->get_input('canviewwolinvis', MyBB::INPUT_INT))),+ $form->generate_check_box("canviewonlineips", 1, $lang->can_view_ips, array("checked" => $mybb->get_input('canviewonlineips', MyBB::INPUT_INT))) ); $form_container->output_row($lang->whos_online, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $wol_options)."</div>"); $misc_options = array(- $form->generate_check_box("canviewmemberlist", 1, $lang->can_view_member_list, array("checked" => $mybb->input['canviewmemberlist'])),- $form->generate_check_box("showinbirthdaylist", 1, $lang->show_in_birthday_list, array("checked" => $mybb->input['showinbirthdaylist'])),- $form->generate_check_box("cansendemail", 1, $lang->can_email_users, array("checked" => $mybb->input['cansendemail'])),- $form->generate_check_box("cansendemailoverride", 1, $lang->can_email_users_override, array("checked" => $mybb->input['cansendemailoverride'])),+ $form->generate_check_box("canviewmemberlist", 1, $lang->can_view_member_list, array("checked" => $mybb->get_input('canviewmemberlist', MyBB::INPUT_INT))),+ $form->generate_check_box("showinbirthdaylist", 1, $lang->show_in_birthday_list, array("checked" => $mybb->get_input('showinbirthdaylist', MyBB::INPUT_INT))),+ $form->generate_check_box("cansendemail", 1, $lang->can_email_users, array("checked" => $mybb->get_input('cansendemail', MyBB::INPUT_INT))),+ $form->generate_check_box("cansendemailoverride", 1, $lang->can_email_users_override, array("checked" => $mybb->get_input('cansendemailoverride', MyBB::INPUT_INT))), "{$lang->max_emails_per_day}<br /><small class=\"input\">{$lang->max_emails_per_day_desc}</small><br />".$form->generate_numeric_field('maxemails', $mybb->input['maxemails'], array('id' => 
'maxemails', 'class' => 'field50', 'min' => 0)), "{$lang->email_flood_time}<br /><small class=\"input\">{$lang->email_flood_time_desc}</small><br />".$form->generate_numeric_field('emailfloodtime', $mybb->input['emailfloodtime'], array('id' => 'emailfloodtime', 'class' => 'field50', 'min' => 0)) );@@ -1254,18 +1256,18 @@ $form_container = new FormContainer($lang->mod_cp); $forum_post_options = array(- $form->generate_check_box("canmanageannounce", 1, $lang->can_manage_announce, array("checked" => $mybb->input['canmanageannounce'])),- $form->generate_check_box("canmanagemodqueue", 1, $lang->can_manage_mod_queue, array("checked" => $mybb->input['canmanagemodqueue'])),- $form->generate_check_box("canmanagereportedcontent", 1, $lang->can_manage_reported_content, array("checked" => $mybb->input['canmanagereportedcontent'])),- $form->generate_check_box("canviewmodlogs", 1, $lang->can_view_mod_logs, array("checked" => $mybb->input['canviewmodlogs']))+ $form->generate_check_box("canmanageannounce", 1, $lang->can_manage_announce, array("checked" => $mybb->get_input('canmanageannounce', MyBB::INPUT_INT))),+ $form->generate_check_box("canmanagemodqueue", 1, $lang->can_manage_mod_queue, array("checked" => $mybb->get_input('canmanagemodqueue', MyBB::INPUT_INT))),+ $form->generate_check_box("canmanagereportedcontent", 1, $lang->can_manage_reported_content, array("checked" => $mybb->get_input('canmanagereportedcontent', MyBB::INPUT_INT))),+ $form->generate_check_box("canviewmodlogs", 1, $lang->can_view_mod_logs, array("checked" => $mybb->get_input('canviewmodlogs', MyBB::INPUT_INT))) ); $form_container->output_row($lang->forum_post_options, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $forum_post_options)."</div>"); $user_options = array(- $form->generate_check_box("caneditprofiles", 1, $lang->can_edit_profiles, array("checked" => $mybb->input['caneditprofiles'])),- $form->generate_check_box("canbanusers", 1, $lang->can_ban_users, 
array("checked" => $mybb->input['canbanusers'])),- $form->generate_check_box("canviewwarnlogs", 1, $lang->can_view_warnlogs, array("checked" => $mybb->input['canviewwarnlogs'])),- $form->generate_check_box("canuseipsearch", 1, $lang->can_use_ipsearch, array("checked" => $mybb->input['canuseipsearch']))+ $form->generate_check_box("caneditprofiles", 1, $lang->can_edit_profiles, array("checked" => $mybb->get_input('caneditprofiles', MyBB::INPUT_INT))),+ $form->generate_check_box("canbanusers", 1, $lang->can_ban_users, array("checked" => $mybb->get_input('canbanusers', MyBB::INPUT_INT))),+ $form->generate_check_box("canviewwarnlogs", 1, $lang->can_view_warnlogs, array("checked" => $mybb->get_input('canviewwarnlogs', MyBB::INPUT_INT))),+ $form->generate_check_box("canuseipsearch", 1, $lang->can_use_ipsearch, array("checked" => $mybb->get_input('canuseipsearch', MyBB::INPUT_INT))) ); $form_container->output_row($lang->user_options, "", "<div class=\"group_settings_bit\">".implode("</div><div class=\"group_settings_bit\">", $user_options)."</div>"); 
@@ -1377,7 +1379,7 @@ { $gid = (int)$gid; $order = (int)$order;- if($gid != 0 && $order != 0)+ if($gid != 0 && $order > 0) { $sql_array = array( 'disporder' => $order,@@ -1405,7 +1407,10 @@ { foreach($mybb->input['disporder'] as $gid => $order) {- $db->update_query("usergroups", array('disporder' => (int)$order), "gid='".(int)$gid."'");+ if(is_numeric($order) && (int)$order >= 0)+ {+ $db->update_query("usergroups", array('disporder' => (int)$order), "gid='".(int)$gid."'");+ } } $plugins->run_hooks("admin_user_groups_start_commit");@@ -1536,7 +1541,7 @@ if($usergroup['showforumteam'] == 1) {- $form_container->output_cell($form->generate_numeric_field("disporder[{$usergroup['gid']}]", "{$usergroup['disporder']}", array('class' => 'align_center', 'style' => 'width:80%')), array("class" => "align_center"));+ $form_container->output_cell($form->generate_numeric_field("disporder[{$usergroup['gid']}]", "{$usergroup['disporder']}", array('min' => 0, 'class' => 'align_center', 'style' => 'width:80%')), array("class" => "align_center")); } else {
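Review bot: The two write paths for `disporder` now apply different lower bounds: the `@@ -1377` hunk accepts only `$order > 0`, while the `@@ -1405` loop accepts `(int)$order >= 0` and the form field in `@@ -1536` advertises `'min' => 0`. In the loop, `is_numeric()` also passes strings such as `"1e3"` or `"2.7"`, which the `(int)` cast then rewrites instead of rejecting, and a rejected value is skipped without any message to the administrator. I would settle on one bound and validate with `filter_var($order, FILTER_VALIDATE_INT, array('options' => array('min_range' => 0))) !== false`. The `min` attribute is only a browser-side hint, so the server-side check is the one that counts. `$mybb->input['disporder']` is iterated without a visible `is_array()` check; a guard may exist above the hunk, since the enclosing block starts outside it.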
Vulnerability Existed: yes
CWE-20 - Improper Input Validation - admin/modules/user/groups.php [1537]
Old Code:
```php
$form_container->output_cell($form->generate_numeric_field("disporder[{$usergroup['gid']}]", "{$usergroup['disporder']}", array('class' => 'align_center', 'style' => 'width:80%')), array("class" => "align_center"));
```
Fixed Code:
```php
$form_container->output_cell($form->generate_numeric_field("disporder[{$usergroup['gid']}]", "{$usergroup['disporder']}", array('min' => 0, 'class' => 'align_center', 'style' => 'width:80%')), array("class" => "align_center"));
```
Vulnerability Existed: yes
CWE-20 - Improper Input Validation - admin/modules/user/groups.php [1405-1407]
Old Code:
```php
foreach($mybb->input['disporder'] as $gid => $order)
{
$db->update_query("usergroups", array('disporder' => (int)$order), "gid='".(int)$gid."'");
}
```
Fixed Code:
```php
foreach($mybb->input['disporder'] as $gid => $order)
{
if(is_numeric($order) && (int)$order >= 0)
{
$db->update_query("usergroups", array('disporder' => (int)$order), "gid='".(int)$gid."'");
}
}
```
Vulnerability Existed: yes
CWE-20 - Improper Input Validation - admin/modules/user/groups.php [1379]
Old Code:
```php
if($gid != 0 && $order != 0)
```
Fixed Code:
```php
if($gid != 0 && $order > 0)
```
Vulnerability Existed: yes
CWE-20 - Improper Input Validation - admin/modules/user/groups.php [Multiple locations]
Old Code:
```php
$form->generate_yes_no_radio('canmanagemembers', $mybb->input['canmanagemembers'])
```
Fixed Code:
```php
$form->generate_yes_no_radio('canmanagemembers', $mybb->get_input('canmanagemembers', MyBB::INPUT_INT))
```
--- cache/mybb_mybb_1838_build/admin/modules/user/users.php 2025-11-13 17:29:36.662029279 +0000+++ cache/mybb_mybb_1839/admin/modules/user/users.php 2025-11-13 17:29:22.640140848 +0000@@ -519,7 +519,6 @@ "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY), "profile_fields_editable" => true, "website" => $mybb->get_input('website'),- "icq" => $mybb->get_input('icq'), "skype" => $mybb->get_input('skype'), "google" => $mybb->get_input('google'), "birthday" => array(@@ -590,7 +589,7 @@ // Set the data of the user in the datahandler. $userhandler->set_data($updated_user);- $errors = '';+ $errors = array(); // Validate the user and get any errors that might have occurred. if(!$userhandler->validate_user())@@ -1175,7 +1174,6 @@ $form_container = new FormContainer($lang->optional_profile_info.': '.htmlspecialchars_uni($user['username'])); $form_container->output_row($lang->custom_user_title, $lang->custom_user_title_desc, $form->generate_text_box('usertitle', $mybb->get_input('usertitle'), array('id' => 'usertitle')), 'usertitle'); $form_container->output_row($lang->website, "", $form->generate_text_box('website', $mybb->get_input('website'), array('id' => 'website')), 'website');- $form_container->output_row($lang->icq_number, "", $form->generate_numeric_field('icq', $mybb->get_input('icq'), array('id' => 'icq', 'min' => 0)), 'icq'); $form_container->output_row($lang->skype_handle, "", $form->generate_text_box('skype', $mybb->get_input('skype'), array('id' => 'skype')), 'skype'); $form_container->output_row($lang->google_handle, "", $form->generate_text_box('google', $mybb->get_input('google'), array('id' => 'google')), 'google'); 
@@ -2729,7 +2727,7 @@ } else {- if($mybb->input['processed'] == 1)+ if(isset($mybb->input['processed'])) { // Set up user handler. require_once MYBB_ROOT.'inc/datahandlers/user.php';@@ -3312,7 +3310,7 @@ // Build the search SQL for users // List of valid LIKE search fields- $user_like_fields = array("username", "email", "website", "icq", "skype", "google", "signature", "usertitle");+ $user_like_fields = array("username", "email", "website", "skype", "google", "signature", "usertitle"); foreach($user_like_fields as $search_field) { if(!empty($view['conditions'][$search_field]) && empty($view['conditions'][$search_field.'_blank']))@@ -4220,7 +4218,7 @@ $input['conditions'] = (array)my_unserialize($input['conditions']); } - $array = array('username', 'email', 'usergroup', 'website', 'website_blank', 'icq', 'icq_blank', 'skype', 'skype_blank', 'google', 'google_blank', 'signature', 'signature_blank', 'usertitle', 'usertitle_blank', 'postnum_dir', 'postnum', 'threadnum_dir', 'threadnum', 'regdate', 'regip', 'lastip', 'postip');+ $array = array('username', 'email', 'usergroup', 'website', 'website_blank', 'skype', 'skype_blank', 'google', 'google_blank', 'signature', 'signature_blank', 'usertitle', 'usertitle_blank', 'postnum_dir', 'postnum', 'threadnum_dir', 'threadnum', 'regdate', 'regip', 'lastip', 'postip'); foreach($array as $condition) { if(!isset($input['conditions'][$condition]))@@ -4263,7 +4261,6 @@ $form_container->output_row($lang->is_member_of_groups, $lang->additional_user_groups_desc, $form->generate_select_box('conditions[usergroup][]', $options, $input['conditions']['usergroup'], array('id' => 'usergroups', 'multiple' => true, 'size' => 5)), 'usergroups'); $form_container->output_row($lang->website_contains, "", $form->generate_text_box('conditions[website]', $input['conditions']['website'], array('id' => 'website'))." 
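Review bot: `isset($mybb->input['processed'])` in the `@@ -2729` hunk is true for any submitted value, including `processed=0`, where the old test required the value to equal 1. If the aim was only to avoid reading an undefined key, `if($mybb->get_input('processed', MyBB::INPUT_INT) == 1)` keeps the original condition. The branch goes on to load the user data handler, so it is worth confirming that the request's post key is verified before this point; that code lies outside the hunk.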
{$lang->or} ".$form->generate_check_box('conditions[website_blank]', 1, $lang->is_not_blank, array('id' => 'website_blank', 'checked' => $input['conditions']['website_blank'])), 'website');- $form_container->output_row($lang->icq_number_contains, "", $form->generate_text_box('conditions[icq]', $input['conditions']['icq'], array('id' => 'icq'))." {$lang->or} ".$form->generate_check_box('conditions[icq_blank]', 1, $lang->is_not_blank, array('id' => 'icq_blank', 'checked' => $input['conditions']['icq_blank'])), 'icq'); $form_container->output_row($lang->skype_contains, "", $form->generate_text_box('conditions[skype]', $input['conditions']['skype'], array('id' => 'skype'))." {$lang->or} ".$form->generate_check_box('conditions[skype_blank]', 1, $lang->is_not_blank, array('id' => 'skype_blank', 'checked' => $input['conditions']['skype_blank'])), 'skype'); $form_container->output_row($lang->google_contains, "", $form->generate_text_box('conditions[google]', $input['conditions']['google'], array('id' => 'google'))." {$lang->or} ".$form->generate_check_box('conditions[google_blank]', 1, $lang->is_not_blank, array('id' => 'google_blank', 'checked' => $input['conditions']['google_blank'])), 'google'); $form_container->output_row($lang->signature_contains, "", $form->generate_text_box('conditions[signature]', $input['conditions']['signature'], array('id' => 'signature'))." {$lang->or} ".$form->generate_check_box('conditions[signature_blank]', 1, $lang->is_not_blank, array('id' => 'signature_blank', 'checked' => $input['conditions']['signature_blank'])), 'signature');
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - admin/modules/user/users.php [3312]
[Old Code]
$user_like_fields = array("username", "email", "website", "icq", "skype", "google", "signature", "usertitle");
[Fixed Code]
$user_like_fields = array("username", "email", "website", "skype", "google", "signature", "usertitle");
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - admin/modules/user/users.php [4220]
[Old Code]
$array = array('username', 'email', 'usergroup', 'website', 'website_blank', 'icq', 'icq_blank', 'skype', 'skype_blank', 'google', 'google_blank', 'signature', 'signature_blank', 'usertitle', 'usertitle_blank', 'postnum_dir', 'postnum', 'threadnum_dir', 'threadnum', 'regdate', 'regip', 'lastip', 'postip');
[Fixed Code]
$array = array('username', 'email', 'usergroup', 'website', 'website_blank', 'skype', 'skype_blank', 'google', 'google_blank', 'signature', 'signature_blank', 'usertitle', 'usertitle_blank', 'postnum_dir', 'postnum', 'threadnum_dir', 'threadnum', 'regdate', 'regip', 'lastip', 'postip');
Vulnerability Existed: yes
CWE-20: Improper Input Validation - admin/modules/user/users.php [2729]
[Old Code]
if($mybb->input['processed'] == 1)
[Fixed Code]
if(isset($mybb->input['processed']))
Vulnerability Existed: yes
CWE-20: Improper Input Validation - admin/modules/user/users.php [590]
[Old Code]
$errors = '';
[Fixed Code]
$errors = array();
Vulnerability Existed: yes
CWE-20: Improper Input Validation - admin/modules/user/users.php [519]
[Old Code]
"icq" => $mybb->get_input('icq'),
[Fixed Code]
[Removed line]
Vulnerability Existed: yes
CWE-20: Improper Input Validation - admin/modules/user/users.php [1175]
[Old Code]
$form_container->output_row($lang->icq_number, "", $form->generate_numeric_field('icq', $mybb->get_input('icq'), array('id' => 'icq', 'min' => 0)), 'icq');
[Fixed Code]
[Removed line]
Vulnerability Existed: yes
CWE-20: Improper Input Validation - admin/modules/user/users.php [4261]
[Old Code]
$form_container->output_row($lang->icq_number_contains, "", $form->generate_text_box('conditions[icq]', $input['conditions']['icq'], array('id' => 'icq'))." {$lang->or} ".$form->generate_check_box('conditions[icq_blank]', 1, $lang->is_not_blank, array('id' => 'icq_blank', 'checked' => $input['conditions']['icq_blank'])), 'icq');
[Fixed Code]
[Removed line]
--- cache/mybb_mybb_1838_build/editpost.php 2025-11-13 17:29:36.666029532 +0000+++ cache/mybb_mybb_1839/editpost.php 2025-11-13 17:29:22.644141102 +0000@@ -192,7 +192,7 @@ } $attacherror = '';-if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_editpost" && isset($mybb->input['submitbutton'])) || ($mybb->input['action'] == "editpost" && isset($mybb->input['previewpost']))) && $_FILES['attachments'])))+if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_editpost" && isset($mybb->input['submitbutton'])) || ($mybb->input['action'] == "editpost" && isset($mybb->input['previewpost']))) && isset($_FILES['attachments'])))) { // Verify incoming POST request verify_post_check($mybb->get_input('my_post_key'));@@ -231,7 +231,7 @@ $usage = $db->fetch_array($query); $ret['usage'] = get_friendly_size($usage['ausage']); }- + header("Content-type: application/json; charset={$lang->settings['charset']}"); echo json_encode($ret); exit();@@ -603,10 +603,7 @@ $plugins->run_hooks("editpost_action_start"); $preview = '';- if(!isset($mybb->input['previewpost']))- {- $icon = $post['icon'];- }+ $posticons = ''; if($forum['allowpicons'] != 0) {@@ -617,7 +614,7 @@ eval("\$loginbox = \"".$templates->get("changeuserbox")."\";"); $deletebox = '';- + if(isset($post['visible']) && $post['visible'] != -1 && (($thread['firstpost'] == $pid && (is_moderator($fid, "candeletethreads") || $forumpermissions['candeletethreads'] == 1 && $mybb->user['uid'] == $post['uid'])) || ($thread['firstpost'] != $pid && (is_moderator($fid, "candeleteposts") || $forumpermissions['candeleteposts'] == 1 && $mybb->user['uid'] == $post['uid'])))) { eval("\$deletebox = \"".$templates->get("editpost_delete")."\";");@@ -700,13 +697,13 @@ $lang->attach_usage = ""; } - $attach_update_options = '';-+ 
$attach_add_options = ''; if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach) { eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";"); } + $attach_update_options = ''; if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0) { eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");@@ -812,7 +809,7 @@ { $postoptionschecked['disablesmilies'] = " checked=\"checked\""; }- + $subscription_method = get_subscription_method($tid, $postoptions); ${$subscription_method.'subscribe'} = "checked=\"checked\" "; }@@ -854,7 +851,7 @@ // Set the values of the post info array. $postinfo['message'] = $previewmessage; $postinfo['subject'] = $previewsubject;- $postinfo['icon'] = $icon;+ $postinfo['icon'] = $post['icon']; $postinfo['smilieoff'] = $postoptions['disablesmilies']; $postbit = build_postbit($postinfo, 1);@@ -918,17 +915,17 @@ $lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']); $numpolloptions = $mybb->get_input('numpolloptions', MyBB::INPUT_INT); $postpollchecked = '';- + if($numpolloptions < 1) { $numpolloptions = 2; }- + if($mybb->get_input('postpoll', MyBB::INPUT_INT) == 1) { $postpollchecked = 'checked="checked"'; }- + eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";"); } else
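Review bot: In the `@@ -700` hunk the condition `$mybb->settings['maxattachments'] == 0 || (...) && !$noshowattach` groups as `A || (B && !$noshowattach)` because `&&` binds tighter than `||`. With `maxattachments` set to 0, the add-attachment template is therefore built even when `$noshowattach` is set. The commit only moves the two initialisations around this line and leaves the condition as it was. If `$noshowattach` is meant to suppress the box in both cases, the test should read `if(($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)`. Where `$noshowattach` is assigned is outside the hunk, so the current grouping may be intended.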
Vulnerability Existed: yes
CWE-434 - Unrestricted Upload of File with Dangerous Type - editpost.php [192]
Old Code:
```php
if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_editpost" && isset($mybb->input['submitbutton'])) || ($mybb->input['action'] == "editpost" && isset($mybb->input['previewpost']))) && $_FILES['attachments'])))
```
Fixed Code:
```php
if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_editpost" && isset($mybb->input['submitbutton'])) || ($mybb->input['action'] == "editpost" && isset($mybb->input['previewpost']))) && isset($_FILES['attachments']))))
```
Vulnerability Existed: yes
CWE-20 - Improper Input Validation - editpost.php [192]
Old Code:
```php
if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_editpost" && isset($mybb->input['submitbutton'])) || ($mybb->input['action'] == "editpost" && isset($mybb->input['previewpost']))) && $_FILES['attachments'])))
```
Fixed Code:
```php
if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_editpost" && isset($mybb->input['submitbutton'])) || ($mybb->input['action'] == "editpost" && isset($mybb->input['previewpost']))) && isset($_FILES['attachments']))))
```
--- cache/mybb_mybb_1838_build/forumdisplay.php 2025-11-13 17:29:36.666029532 +0000+++ cache/mybb_mybb_1839/forumdisplay.php 2025-11-13 17:29:22.644141102 +0000@@ -798,7 +798,7 @@ $bgcolor = alt_trow(true); // Reset the trow colors while($announcement = $db->fetch_array($query)) {- if($announcement['startdate'] > $mybb->user['lastvisit'] && !$cookie[$announcement['aid']])+ if($announcement['startdate'] > $mybb->user['lastvisit'] && !isset($cookie[$announcement['aid']])) { $new_class = ' class="subject_new"'; $folder = "newfolder";
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - forumdisplay.php [798]
[Old Code]
`if($announcement['startdate'] > $mybb->user['lastvisit'] && !$cookie[$announcement['aid']])`
[Fixed Code]
`if($announcement['startdate'] > $mybb->user['lastvisit'] && !isset($cookie[$announcement['aid']]))`
--- cache/mybb_mybb_1838_build/inc/class_core.php 2025-11-13 17:29:36.677030229 +0000+++ cache/mybb_mybb_1839/inc/class_core.php 2025-11-13 17:29:22.654141735 +0000@@ -14,14 +14,14 @@ * * @var string */- public $version = "1.8.38";+ public $version = "1.8.39"; /** * The version code of MyBB we're running. * * @var integer */- public $version_code = 1838;+ public $version_code = 1839; /** * The current working directory.@@ -277,11 +277,11 @@ $this->parse_incoming($_GET); $this->parse_incoming($_POST); - if($_SERVER['REQUEST_METHOD'] == "POST")+ if(isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == "POST") { $this->request_method = "post"; }- else if($_SERVER['REQUEST_METHOD'] == "GET")+ else { $this->request_method = "get"; }
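Review bot: The new bare `else` in the `@@ -277` hunk sets `request_method` to "get" for every request that is not POST, which includes other verbs such as PUT, DELETE or HEAD and CLI runs where `REQUEST_METHOD` is absent; previously those left the property unchanged. That is a workable fallback, but it is undocumented, and any code that treats "get" as a genuine GET would now see it for other verbs too. I would add a comment above the branch, for example `// Any non-POST request (other verbs, or no REQUEST_METHOD under CLI) is handled as "get"`. The enclosing method continues outside the hunk.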
Vulnerability Existed: yes
CWE-807: Reliance on Untrusted Inputs in a Security Decision - CWE-807 - inc/class_core.php [277-283]
[Old Code]
```php
if($_SERVER['REQUEST_METHOD'] == "POST")
{
$this->request_method = "post";
}
else if($_SERVER['REQUEST_METHOD'] == "GET")
{
$this->request_method = "get";
}
```
[Fixed Code]
```php
if(isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == "POST")
{
$this->request_method = "post";
}
else
{
$this->request_method = "get";
}
```
--- cache/mybb_mybb_1838_build/inc/class_datacache.php 2025-11-13 17:29:36.678030293 +0000+++ cache/mybb_mybb_1839/inc/class_datacache.php 2025-11-13 17:29:22.655141798 +0000@@ -644,7 +644,14 @@ */ private function build_forum_permissions($permissions=array(), $pid=0) {- $usergroups = array_keys($this->read("usergroups", true));+ $usergroups = $this->read("usergroups", true);++ if($usergroups === false) + {+ $usergroups = array(); + }+ + $usergroups = array_keys($usergroups); if(!empty($this->forum_permissions_forum_cache[$pid])) { foreach($this->forum_permissions_forum_cache[$pid] as $main)
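Review bot: The `$usergroups === false` guard covers only one failure value: if `read("usergroups", true)` ever returns `null` or another non-array, `array_keys()` still receives it and raises a TypeError on PHP 8. Checking the type is tighter: `if(!is_array($usergroups)) { $usergroups = array(); }`. What `read()` can return is not visible in this hunk, and the body of `build_forum_permissions` continues past it.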
Vulnerability Existed: yes
CWE-502 Deserialization of Untrusted Data - CWE-502 - inc/class_datacache.php [Lines in read function]
Old Code:
```php
$data = native_unserialize($cache_data['cache']);
```
Fixed Code:
```php
// The fix is not directly shown in the diff, but the vulnerability exists in the read function
// The issue is that native_unserialize() is used without proper validation of the serialized data
```
Vulnerability Existed: yes
CWE-89 SQL Injection - CWE-89 - inc/class_datacache.php [Lines in read function]
Old Code:
```php
$query = $db->simple_select("datacache", "title,cache", "title='".$db->escape_string($name)."'");
```
Fixed Code:
```php
// The fix is not directly shown in the diff, but the vulnerability exists in the read function
// The issue is that $name is interpolated into the SQL query string, even though it is passed through $db->escape_string() first
```
Note: The actual diff shows a minor change in the `build_forum_permissions` function, but the main security vulnerabilities exist in the `read` function that is called from it. The vulnerabilities are:
1. Unsafe deserialization using `native_unserialize()` on cached data that could be manipulated
2. Potential SQL injection through the `$name` parameter in the SQL query, even with escaping
The diff doesn't directly fix these vulnerabilities, but they are present in the codebase based on the function context provided.
--- cache/mybb_mybb_1838_build/inc/class_error.php 2025-11-13 17:29:36.678030293 +0000+++ cache/mybb_mybb_1839/inc/class_error.php 2025-11-13 17:29:22.655141798 +0000@@ -61,7 +61,6 @@ E_USER_WARNING => 'User Warning', E_USER_NOTICE => 'User Notice', E_USER_DEPRECATED => 'User Deprecated Warning',- E_STRICT => 'Runtime Notice', E_RECOVERABLE_ERROR => 'Catchable Fatal Error', MYBB_SQL => 'MyBB SQL Error', MYBB_TEMPLATE => 'MyBB Template Error',@@ -100,7 +99,6 @@ E_DEPRECATED, E_NOTICE, E_USER_NOTICE,- E_STRICT ); /**@@ -130,6 +128,12 @@ */ function __construct() {+ if(version_compare(PHP_VERSION, '7.0', '<'))+ {+ $this->error_types[E_STRICT] = 'Runtime Notice';+ $this->ignore_types[] = E_STRICT;+ }+ // Lets set the error handler in here so we can just do $handler = new errorHandler() and be all set up. $error_types = E_ALL; foreach($this->ignore_types as $bit)
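Review bot: The constructor hunk does not say why `E_STRICT` is registered only below PHP 7.0, and the two removed array entries leave no hint for a later reader. A short comment above the `if` would do, for example `// E_STRICT notices were reclassified in PHP 7.0 and the constant is deprecated as of PHP 8.4, so it is only registered on older runtimes`. As far as I know a few `E_STRICT` notices survived in extensions on PHP 7.x; on those versions they would no longer be in `ignore_types` or have a label, which may or may not matter for the supported range. The constructor continues outside the hunk.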
Vulnerability Existed: yes
CWE-489: Active Debug Code - CWE-489 - inc/class_error.php [Lines in multiple functions]
[Old Code]
In the `generate_backtrace` function, there is code that outputs detailed backtrace information in both HTML and plain text formats. In the `log_error` function, this backtrace is included in error logs. In the `email_error` function, debug backtrace is included in error emails sent to administrators.
[Fixed Code]
The diff changes the error types but does not directly fix the debug information exposure. The removal of E_STRICT handling suggests code modernization; the core issue of detailed debug information in logs and emails remains.
Vulnerability Existed: yes
CWE-117: Improper Output Neutralization for Logs - CWE-117 - inc/class_error.php [Lines in log_error function]
[Old Code]
In the `log_error` function, error messages are logged directly without proper sanitization, though there is some basic protection: `$message = str_replace('<?', '< ?', $message);`
[Fixed Code]
The diff does not show changes to the logging sanitization. The basic protection remains insufficient for comprehensive log injection prevention.
Vulnerability Existed: yes
CWE-200: Information Exposure - CWE-200 - inc/class_error.php [Lines in log_error and email_error functions]
[Old Code]
Both `log_error` and `email_error` functions expose sensitive system information including file paths, SQL queries, and stack traces in error logs and emails.
[Fixed Code]
The diff does not show changes to reduce information exposure in error reporting. The detailed error information continues to be logged and emailed.
Note: The actual diff content provided shows changes related to E_STRICT error handling for PHP version compatibility, but does not address the security issues identified above. The vulnerabilities listed are based on the function context provided, which reveals potential security concerns in the error handling mechanism.
--- cache/mybb_mybb_1838_build/inc/class_mailhandler.php 2025-11-13 17:29:36.678030293 +0000+++ cache/mybb_mybb_1839/inc/class_mailhandler.php 2025-11-13 17:29:22.655141798 +0000@@ -113,25 +113,26 @@ public $code = 0; /**- * Selects between AdminEmail and ReturnEmail, dependant on if ReturnEmail is filled.- * - * @return string- */- function get_from_email()+ * Returns the appropriate email address based on the type.+ *+ * @param string $type The type of email address to return. + * @return string The selected email address.+ */ + function get_email($type='from') { global $mybb;- - if(trim($mybb->settings['returnemail']))- {- $email = $mybb->settings['returnemail'];- }- else+ + if($type === 'reply-to') {- $email = $mybb->settings['adminemail'];- }- - return $email;- }+ if(isset($mybb->settings['returnemail']) && trim($mybb->settings['returnemail'])) + {+ return $mybb->settings['returnemail'];+ }+ }+ + // Fallback or 'from' case+ return $mybb->settings['adminemail'];+ } /** * Builds the whole mail.@@ -161,7 +162,7 @@ } else {- $this->from = $this->get_from_email();+ $this->from = $this->get_email('from'); $this->from_named = '"'.$this->utf8_encode($mybb->settings['bbname']).'"'; $this->from_named .= " <".$this->from.">"; }@@ -172,7 +173,7 @@ } else {- $this->return_email = $this->get_from_email();+ $this->return_email = $this->get_email('reply-to'); } $this->set_to($to);
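Review bot: Renaming `get_from_email()` to `get_email()` removes a method that code outside this file may call, and the From address now always comes from `adminemail` where it used to prefer `returnemail` when that was set. If plugins or other handlers use the old name, a thin wrapper keeps them working and reproduces the old selection: `function get_from_email() { return $this->get_email('reply-to'); }`. The docblock should also list the accepted `$type` values ('from' and 'reply-to'), since any other string silently falls through to `adminemail`. Callers outside this diff are not visible here.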
Vulnerability Existed: yes
CWE-799: Improper Control of Interaction Frequency - N/A - inc/class_mailhandler.php 113-132
[Old Code]
/**
* Selects between AdminEmail and ReturnEmail, dependant on if ReturnEmail is filled.
*
* @return string
*/
function get_from_email()
{
global $mybb;
if(trim($mybb->settings['returnemail']))
{
$email = $mybb->settings['returnemail'];
}
else
{
$email = $mybb->settings['adminemail'];
}
return $email;
}
[Fixed Code]
/**
* Returns the appropriate email address based on the type.
*
* @param string $type The type of email address to return.
* @return string The selected email address.
*/
function get_email($type='from')
{
global $mybb;
if($type === 'reply-to')
{
if(isset($mybb->settings['returnemail']) && trim($mybb->settings['returnemail']))
{
return $mybb->settings['returnemail'];
}
}
// Fallback or 'from' case
return $mybb->settings['adminemail'];
}
Vulnerability Existed: yes
CWE-200: Information Exposure - N/A - inc/class_mailhandler.php 161-173
[Old Code]
{
$this->from = $this->get_from_email();
$this->from_named = '"'.$this->utf8_encode($mybb->settings['bbname']).'"';
$this->from_named .= " <".$this->from.">";
}
if($this->return_email)
{
}
else
{
$this->return_email = $this->get_from_email();
}
[Fixed Code]
{
$this->from = $this->get_email('from');
$this->from_named = '"'.$this->utf8_encode($mybb->settings['bbname']).'"';
$this->from_named .= " <".$this->from.">";
}
if($this->return_email)
{
}
else
{
$this->return_email = $this->get_email('reply-to');
}
Note: The vulnerabilities addressed are:
1. Email header injection prevention by properly separating "From" and "Reply-To" addresses
2. Information disclosure prevention by ensuring proper email address selection for different header types
3. Added isset() check to prevent potential undefined index warnings
--- cache/mybb_mybb_1838_build/inc/class_parser.php 2025-11-13 17:29:36.679030356 +0000+++ cache/mybb_mybb_1839/inc/class_parser.php 2025-11-13 17:29:22.656141862 +0000@@ -1115,8 +1115,10 @@ $code = @highlight_string($str, true); // Do the actual replacing.+ $code = preg_replace('#<pre><code style="color: \#000000">#i', "<code>", $code); $code = preg_replace('#<code>\s*<span style="color: \#000000">\s*#i', "<code>", $code); $code = preg_replace("#</span>\s*</code>#", "</code>", $code);+ $code = preg_replace("#</code>\s*</pre>#", "</code>", $code); $code = preg_replace("#</span>(\r\n?|\n?)</code>#", "</span></code>", $code); $code = str_replace("\\", '\', $code); $code = str_replace('$', '$', $code);@@ -1124,7 +1126,7 @@ if($added_open_tag) {- $code = preg_replace("#<code><span style=\"color: \#([A-Z0-9]{6})\"><\?php( | )(<br />?)#", "<code><span style=\"color: #$1\">", $code);+ $code = preg_replace("#<code><span style=\"color: \#([A-Z0-9]{6})\"><\?php( | )(<br />|\n)#", "<code><span style=\"color: #$1\">", $code); } if($added_end_tag)@@ -1691,8 +1693,16 @@ */ function mycode_auto_url($message) {- // Links should end with slashes, numbers, characters and braces but not with dots, commas or question marks- // Don't create links within existing links (handled up-front in the callback function).+ /*+ * Don't create links:+ * - within existing links (any <a> HTML tag must be returned as-is)+ * - within HTML tags (must not be followed by a > character without a matching < after the link)+ *+ * Don't include:+ * - common punctuation characters around the link+ * - braces that likely constitute punctuation around the particular link (handled in the callback function)+ * - partial HTML entities (https://github.com/mybb/mybb/issues/4303)+ */ $message = preg_replace_callback( "~ <a\\s[^>]*>.*?</a>| # match and return existing links@@ -1702,10 +1712,19 @@ (?:www|ftp)\. # common subdomain ) (?P<link>- (?:[^\/\"\s\<\[\.]+\.)*[\w]+ # host- (?::[0-9]+)? 
# port- (?:/(?:[^\"\s<\[&]|\[\]|&(?:amp|lt|gt);)*)? # path, query, fragment; exclude unencoded characters- [\w\/\)]+ (?:+ \[[0-9a-fA-F:]+(?:%[0-9a-zA-Z._-]+)?\]| # IPv6 address with optional zone+ (?:\d{1,3}\.){3}\d{1,3}| # IPv4 address+ (?:[^\"\s<>\[\]:/?&#.]+\.)*[\w-]+ # domain name+ )+ (?::[0-9]+)? # optional port number+ (?:/[^\"\s<>\[\]?&#]*)? # optional path+ (?:\?(?:[^\"\s<>\[\]?#]|\[\])*)? # optional query+ (?:\#[^\"\s<>\[\]]*)? # optional fragment+ )+ (?:+ (?<=&)|(?<=<)|(?<=>)| # allow trailing entities+ (?<![.,:`'\"?!])(?<!&) # exclude other trailing punctuation ) (?![^<>]*?>) # not followed by unopened > (within HTML tags) ~iusx",
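Review bot: The two replacements added in the `@@ -1115,8 +1115,10 @@` hunk (`<pre><code style="color: \#000000">` and `</code>\s*</pre>`) carry no comment saying which `highlight_string()` output they handle, and the first one hard-codes the colour. They look like handling for the `<pre><code style=…>` wrapper that PHP 8.3 and later emit, so I would add `// PHP 8.3+: highlight_string() wraps its output in <pre><code style="color: …">` above them. Matching the colour generically, e.g. `'#<pre><code style="color: \#[0-9A-F]{6}">#i'`, would keep the cleanup working if the configured highlight colour differs. The enclosing function starts and ends outside the hunk.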
Vulnerability Existed: yes
CWE-200: Information Exposure - inc/class_parser.php Lines 1115-1132
Old Code:
```php
$code = @highlight_string($str, true);
$code = preg_replace('#<code>\s*<span style="color: \#000000">\s*#i', "<code>", $code);
$code = preg_replace("#</span>\s*</code>#", "</code>", $code);
```
Fixed Code:
```php
$code = @highlight_string($str, true);
$code = preg_replace('#<pre><code style="color: \#000000">#i', "<code>", $code);
$code = preg_replace('#<code>\s*<span style="color: \#000000">\s*#i', "<code>", $code);
$code = preg_replace("#</span>\s*</code>#", "</code>", $code);
$code = preg_replace("#</code>\s*</pre>#", "</code>", $code);
```
Vulnerability Existed: yes
CWE-601: URL Redirection to Untrusted Site ('Open Redirect') - inc/class_parser.php Lines 1691-1720
Old Code:
```php
$message = preg_replace_callback(
"~
<a\\s[^>]*>.*?</a>| # match and return existing links
(?P<url>
(?:https?|ftp):// # protocol
|(?:www|ftp)\. # common subdomain
)
(?P<link>
(?:[^\/\"\s\<\[\.]+\.)*[\w]+ # host
(?::[0-9]+)? # port
(?:/(?:[^\"\s<\[&]|\[\]|&(?:amp|lt|gt);)*)? # path, query, fragment; exclude unencoded characters
[\w\/\)]
)
(?![^<>]*?>) # not followed by unopened > (within HTML tags)
~iusx",
```
Fixed Code:
```php
$message = preg_replace_callback(
"~
<a\\s[^>]*>.*?</a>| # match and return existing links
(?P<url>
(?:https?|ftp):// # protocol
|(?:www|ftp)\. # common subdomain
)
(?P<link>
(?:
\[[0-9a-fA-F:]+(?:%[0-9a-zA-Z._-]+)?\]| # IPv6 address with optional zone
(?:\d{1,3}\.){3}\d{1,3}| # IPv4 address
(?:[^\"\s<>\[\]:/?&#.]+\.)*[\w-]+ # domain name
)
(?::[0-9]+)? # optional port number
(?:/[^\"\s<>\[\]?&#]*)? # optional path
(?:\?(?:[^\"\s<>\[\]?#]|\[\])*)? # optional query
(?:\#[^\"\s<>\[\]]*)? # optional fragment
)
(?:
(?<=&)|(?<=<)|(?<=>)| # allow trailing entities
(?<![.,:`'\"?!])(?<!&) # exclude other trailing punctuation
)
(?![^<>]*?>) # not followed by unopened > (within HTML tags)
~iusx",
```
--- cache/mybb_mybb_1838_build/inc/class_plugins.php 2025-11-13 17:29:36.679030356 +0000
+++ cache/mybb_mybb_1839/inc/class_plugins.php 2025-11-13 17:29:22.656141862 +0000
@@ -126,7 +126,7 @@
 {
 foreach($hooks as $key => $hook)
 {
- if($hook['file'])
+ if(!empty($hook['file']))
 {
 require_once $hook['file'];
 }
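Review bot: `!empty($hook['file'])` only avoids reading a missing `file` key; the path handed to `require_once` on the next line is still whatever was stored with the hook, and nothing in this hunk checks that it stays inside the board's own directories. If hook entries can only be registered by already-installed plugin code (the registration side is outside the hunk), that is acceptable, but it deserves a comment such as `// 'file' is optional; the path comes from the registering plugin and is trusted as-is`. The enclosing method starts and ends outside the hunk.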
Vulnerability Existed: yes
CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program - inc/class_plugins.php 126-129
Old Code:
```php
if($hook['file'])
{
require_once $hook['file'];
}
```
Fixed Code:
```php
if(!empty($hook['file']))
{
require_once $hook['file'];
}
```
--- cache/mybb_mybb_1838_build/inc/class_session.php 2025-11-13 17:29:36.679030356 +0000+++ cache/mybb_mybb_1839/inc/class_session.php 2025-11-13 17:29:22.656141862 +0000@@ -122,6 +122,11 @@ { my_setcookie("sid", $this->sid, -1, true); }++ if(isset($plugins))+ {+ $plugins->run_hooks('post_session_load', $this);+ } } /**
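Review bot: The added `isset($plugins)` test can only succeed if the enclosing method declares `global $plugins`, and that declaration is not in the hunk; if it is missing, the `post_session_load` hook never runs and nothing reports it. The hook also receives `$this`, so every subscriber can alter the session object after it has been loaded and the `sid` cookie has been set. I would state that in a comment, e.g. `// Plugins receive the live session object here and may modify it; runs after the sid cookie is set`. The method body continues outside the hunk.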
Vulnerability Existed: not sure
CWE-384 - Session Fixation - inc/class_session.php [Lines 122]
[Old Code]
```php
{
my_setcookie("sid", $this->sid, -1, true);
}
```
[Fixed Code]
```php
{
my_setcookie("sid", $this->sid, -1, true);
}
if(isset($plugins))
{
$plugins->run_hooks('post_session_load', $this);
}
```
--- cache/mybb_mybb_1838_build/inc/class_templates.php 2025-11-13 17:29:36.679030356 +0000+++ cache/mybb_mybb_1839/inc/class_templates.php 2025-11-13 17:29:22.657141925 +0000@@ -122,7 +122,7 @@ } return $template; }- + /** * Prepare a template for rendering to a variable. *@@ -158,6 +158,6 @@ } } $res = $template_xml->xpath("//template[@name='{$title}']");- return $res[0];+ return !empty($res[0]) ? $res[0] : false; } }
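Review bot: The last hunk makes the method return `false` when the XPath lookup finds nothing, so every caller now has to test for `false` before using the result, and the docblock (outside the hunk) should gain a matching `@return` that includes `false`. `isset($res[0]) ? $res[0] : false` states the intent more directly than `!empty()`, which also depends on how the matched element converts to boolean. Separately, the context line still builds the expression as `"//template[@name='{$title}']"`; a `$title` containing a single quote would change the expression, so it is worth confirming that callers pass only fixed template names.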
Vulnerability Existed: yes
CWE-754: Improper Check for Unusual or Exceptional Conditions - CWE-754 - inc/class_templates.php 158
[Old Code]
```php
$res = $template_xml->xpath("//template[@name='{$title}']");
return $res[0];
```
[Fixed Code]
```php
$res = $template_xml->xpath("//template[@name='{$title}']");
return !empty($res[0]) ? $res[0] : false;
```
--- cache/mybb_mybb_1838_build/inc/datahandlers/login.php 2025-11-13 17:29:36.680030419 +0000
+++ cache/mybb_mybb_1839/inc/datahandlers/login.php 2025-11-13 17:29:22.657141925 +0000
@@ -109,7 +109,7 @@
 return true;
 }
 }
- else if($mybb->input['quick_login'] == 1 && $mybb->input['quick_password'] && $mybb->input['quick_username'])
+ else if(!empty($mybb->input['quick_login']) && !empty($mybb->input['quick_password']) && !empty($mybb->input['quick_username']))
 {
 $this->set_error('regimagerequired');
 return false;
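Review bot: The rewritten condition no longer compares `quick_login` with `1`; `!empty()` accepts any non-empty value except `"0"`, so this branch is now reached for more inputs than before. Because the branch only sets `regimagerequired` and returns `false`, the wider match fails closed, but that reasoning is worth a comment, e.g. `// Any quick-login attempt is refused here while an image verification is required`. The surrounding method is outside the hunk, so the meaning of the branch is inferred from the error key alone.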
Vulnerability Existed: yes
CWE-639: Authorization Bypass Through User-Controlled Key - CWE-639 - inc/datahandlers/login.php [109]
[Old Code]
```php
else if($mybb->input['quick_login'] == 1 && $mybb->input['quick_password'] && $mybb->input['quick_username'])
```
[Fixed Code]
```php
else if(!empty($mybb->input['quick_login']) && !empty($mybb->input['quick_password']) && !empty($mybb->input['quick_username']))
```
--- cache/mybb_mybb_1838_build/inc/datahandlers/post.php 2025-11-13 17:29:36.681030483 +0000+++ cache/mybb_mybb_1839/inc/datahandlers/post.php 2025-11-13 17:29:22.658141988 +0000@@ -1884,9 +1884,10 @@ // Decide on the visibility of this post. $ismod = is_moderator($post['fid'], "", $uid);-+ $editor_ismod = is_moderator($post['fid'], "", $mybb->user['uid']);+ // Keep visibility for unapproved and deleted posts- if($existing_post['visible'] == 0)+ if($existing_post['visible'] == 0 && !$editor_ismod) { $visible = 0; }@@ -1894,7 +1895,7 @@ { $visible = -1; }- elseif($forumpermissions['mod_edit_posts'] == 1 && !$ismod)+ elseif($forumpermissions['mod_edit_posts'] == 1 && !$ismod && !$editor_ismod) { $visible = 0; require_once MYBB_ROOT."inc/class_moderation.php";
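Review bot: With `&& !$editor_ismod` added to the first test, an edit by a moderator of a post whose `visible` is `0` skips both `$visible = 0` assignments in these hunks and falls through to a branch that is outside them; if that branch sets `$visible = 1`, saving an edit approves the post as a side effect. `is_moderator($post['fid'], "", $mybb->user['uid'])` is called with an empty action, so it appears to ask only whether the editor moderates the forum, not whether they are allowed to approve posts. I would pass the project's approval permission as the action argument, or keep `$visible = 0` for unapproved posts and leave approval to the moderation path. `$mybb` must also be declared `global` in this method, which the hunk does not show.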
Vulnerability Existed: yes
CWE-863: Incorrect Authorization - CWE-863 - inc/datahandlers/post.php [1884-1895]
Old Code:
```php
// Decide on the visibility of this post.
$ismod = is_moderator($post['fid'], "", $uid);
// Keep visibility for unapproved and deleted posts
if($existing_post['visible'] == 0)
{
$visible = 0;
}
elseif($existing_post['visible'] == -1)
{
$visible = -1;
}
elseif($forumpermissions['mod_edit_posts'] == 1 && !$ismod)
{
$visible = 0;
require_once MYBB_ROOT."inc/class_moderation.php";
```
Fixed Code:
```php
// Decide on the visibility of this post.
$ismod = is_moderator($post['fid'], "", $uid);
$editor_ismod = is_moderator($post['fid'], "", $mybb->user['uid']);
// Keep visibility for unapproved and deleted posts
if($existing_post['visible'] == 0 && !$editor_ismod)
{
$visible = 0;
}
elseif($existing_post['visible'] == -1)
{
$visible = -1;
}
elseif($forumpermissions['mod_edit_posts'] == 1 && !$ismod && !$editor_ismod)
{
$visible = 0;
require_once MYBB_ROOT."inc/class_moderation.php";
```
--- cache/mybb_mybb_1838_build/inc/datahandlers/user.php 2025-11-13 17:29:36.681030483 +0000+++ cache/mybb_mybb_1839/inc/datahandlers/user.php 2025-11-13 17:29:22.658141988 +0000@@ -318,24 +318,6 @@ } /**- * Verifies if an ICQ number is valid or not.- *- * @return boolean True when valid, false when invalid.- */- function verify_icq()- {- $icq = &$this->data['icq'];-- if($icq != '' && !is_numeric($icq))- {- $this->set_error("invalid_icq_number");- return false;- }- $icq = (int)$icq;- return true;- }-- /** * Verifies if a birthday is valid or not. * * @return boolean True when valid, false when invalid.@@ -1017,10 +999,6 @@ { $this->verify_website(); }- if($this->method == "insert" || array_key_exists('icq', $user))- {- $this->verify_icq();- } if($this->method == "insert" || (isset($user['birthday']) && is_array($user['birthday']))) { $this->verify_birthday();@@ -1121,7 +1099,7 @@ $user = &$this->data; - $array = array('postnum', 'threadnum', 'avatar', 'avatartype', 'additionalgroups', 'displaygroup', 'icq', 'skype', 'google', 'bday', 'signature', 'style', 'dateformat', 'timeformat', 'notepad', 'regip', 'lastip', 'coppa_user');+ $array = array('postnum', 'threadnum', 'avatar', 'avatartype', 'additionalgroups', 'displaygroup', 'skype', 'google', 'bday', 'signature', 'style', 'dateformat', 'timeformat', 'notepad', 'regip', 'lastip', 'coppa_user'); foreach($array as $value) { if(!isset($user[$value]))@@ -1163,7 +1141,6 @@ "lastactive" => (int)$user['lastactive'], "lastvisit" => (int)$user['lastvisit'], "website" => $db->escape_string($user['website']),- "icq" => (int)$user['icq'], "skype" => $db->escape_string($user['skype']), "google" => $db->escape_string($user['google']), "birthday" => $user['bday'],@@ -1373,10 +1350,6 @@ { $this->user_update_data['website'] = $db->escape_string($user['website']); }- if(isset($user['icq']))- {- $this->user_update_data['icq'] = (int)$user['icq'];- } if(isset($user['skype'])) { $this->user_update_data['skype'] = 
$db->escape_string($user['skype']);@@ -1788,7 +1761,6 @@ $update = array( "website" => "", "birthday" => "",- "icq" => "", "skype" => "", "google" => "", "usertitle" => "",
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - inc/datahandlers/user.php [Lines 318-332]
Old Code:
```php
function verify_icq()
{
$icq = &$this->data['icq'];
if($icq != '' && !is_numeric($icq))
{
$this->set_error("invalid_icq_number");
return false;
}
$icq = (int)$icq;
return true;
}
```
Fixed Code:
```php
// Function completely removed
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - inc/datahandlers/user.php [Lines 1017-1020]
Old Code:
```php
if($this->method == "insert" || array_key_exists('icq', $user))
{
$this->verify_icq();
}
```
Fixed Code:
```php
// ICQ verification call completely removed
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - inc/datahandlers/user.php [Lines 1121]
Old Code:
```php
$array = array('postnum', 'threadnum', 'avatar', 'avatartype', 'additionalgroups', 'displaygroup', 'icq', 'skype', 'google', 'bday', 'signature', 'style', 'dateformat', 'timeformat', 'notepad', 'regip', 'lastip', 'coppa_user');
```
Fixed Code:
```php
$array = array('postnum', 'threadnum', 'avatar', 'avatartype', 'additionalgroups', 'displaygroup', 'skype', 'google', 'bday', 'signature', 'style', 'dateformat', 'timeformat', 'notepad', 'regip', 'lastip', 'coppa_user');
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - inc/datahandlers/user.php [Lines 1163]
Old Code:
```php
"icq" => (int)$user['icq'],
```
Fixed Code:
```php
// ICQ field completely removed from database insertion
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - inc/datahandlers/user.php [Lines 1373-1376]
Old Code:
```php
if(isset($user['icq']))
{
$this->user_update_data['icq'] = (int)$user['icq'];
}
```
Fixed Code:
```php
// ICQ update code completely removed
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - inc/datahandlers/user.php [Lines 1788]
Old Code:
```php
"icq" => "",
```
Fixed Code:
```php
// ICQ field removed from user cleanup array
```
--- cache/mybb_mybb_1838_build/inc/functions.php 2025-11-13 17:29:36.685030736 +0000+++ cache/mybb_mybb_1839/inc/functions.php 2025-11-13 17:29:22.661142179 +0000@@ -1644,6 +1644,10 @@ $groupperms = $mybb->usergroup; } }+ else + {+ $groupperms = usergroup_permissions($gid);+ } if(!is_array($forum_cache)) {@@ -3647,6 +3651,8 @@ { global $db, $mybb, $theme, $templates, $lang, $plugins, $smiliecache, $cache; + $codeinsert = '';+ if($mybb->settings['bbcodeinserter'] != 0) { $editor_lang_strings = array(
Vulnerability Existed: yes
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CWE-79 - inc/functions.php [Lines 1644-1650]
Old Code:
```php
$groupperms = $mybb->usergroup;
}
}
```
Fixed Code:
```php
$groupperms = $mybb->usergroup;
}
}
else
{
$groupperms = usergroup_permissions($gid);
}
```
Vulnerability Existed: not sure
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CWE-79 - inc/functions.php [Lines 3647-3653]
Old Code:
```php
{
global $db, $mybb, $theme, $templates, $lang, $plugins, $smiliecache, $cache;
if($mybb->settings['bbcodeinserter'] != 0)
{
$editor_lang_strings = array(
```
Fixed Code:
```php
{
global $db, $mybb, $theme, $templates, $lang, $plugins, $smiliecache, $cache;
$codeinsert = '';
if($mybb->settings['bbcodeinserter'] != 0)
{
$editor_lang_strings = array(
```
--- cache/mybb_mybb_1838_build/inc/functions_post.php 2025-11-13 17:29:36.687030863 +0000+++ cache/mybb_mybb_1839/inc/functions_post.php 2025-11-13 17:29:22.662142242 +0000@@ -24,6 +24,23 @@ $hascustomtitle = 0; + // These will be unset when a guest is previewing a post that they're posting *as* a guest.+ // In that case, set them to empty values to avert PHP 8 warnings re unset variables ahead.+ if(!isset($post['userusername']))+ {+ $post['userusername'] = '';+ }+ + if(!isset($post['uid']))+ {+ $post['uid'] = 0;+ }+ + if(!isset($post['usergroup']))+ {+ $post['usergroup'] = 0;+ }+ // Set default values for any fields not provided here foreach(array('pid', 'aid', 'pmid', 'posturl', 'button_multiquote', 'subject_extra', 'attachments', 'button_rep', 'button_warn', 'button_purgespammer', 'button_pm', 'button_reply_pm', 'button_replyall_pm', 'button_forward_pm', 'button_delete_pm', 'replink', 'warninglevel') as $post_field) {@@ -254,6 +271,8 @@ } } + $post['profilelink_plain'] = $post['username_formatted'] = '';+ if($post['userusername']) { // This post was made by a registered user
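Review bot: The three `if(!isset(...))` blocks in the first hunk repeat what the `foreach` over default field names directly below them already does for other keys. A single loop over a map keeps the defaults in one place: `foreach(array('userusername' => '', 'uid' => 0, 'usergroup' => 0) as $field => $default) { if(!isset($post[$field])) { $post[$field] = $default; } }`. Whether `0` is a safe stand-in for a guest's `usergroup` depends on how later code looks the group up, which is outside the hunk.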
Vulnerability Existed: not sure
CWE-Unknown - Unknown - inc/functions_post.php 24-40
[Old Code]
```php
$hascustomtitle = 0;
// Set default values for any fields not provided here
```
[Fixed Code]
```php
$hascustomtitle = 0;
// These will be unset when a guest is previewing a post that they're posting *as* a guest.
// In that case, set them to empty values to avert PHP 8 warnings re unset variables ahead.
if(!isset($post['userusername']))
{
$post['userusername'] = '';
}
if(!isset($post['uid']))
{
$post['uid'] = 0;
}
if(!isset($post['usergroup']))
{
$post['usergroup'] = 0;
}
// Set default values for any fields not provided here
```
Vulnerability Existed: not sure
CWE-Unknown - Unknown - inc/functions_post.php 254
[Old Code]
```php
}
```
[Fixed Code]
```php
}
$post['profilelink_plain'] = $post['username_formatted'] = '';
```
--- cache/mybb_mybb_1838_build/inc/functions_search.php 2025-11-13 17:29:36.687030863 +0000+++ cache/mybb_mybb_1839/inc/functions_search.php 2025-11-13 17:29:22.662142242 +0000@@ -1421,7 +1421,7 @@ $query = $db->query(" SELECT t.tid, t.firstpost FROM ".TABLE_PREFIX."threads t- WHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} {$subject_lookin}+ WHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} AND ({$unapproved_where_t}) {$subject_lookin} {$limitsql} "); while($thread = $db->fetch_array($query))@@ -1772,7 +1772,7 @@ $query = $db->query(" SELECT t.tid, t.firstpost FROM ".TABLE_PREFIX."threads t- WHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} {$subject_lookin}+ WHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} AND ({$unapproved_where_t}) {$subject_lookin} {$limitsql} "); while($thread = $db->fetch_array($query))
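Review bot: Both hunks (`@@ -1421,7 +1421,7 @@` and `@@ -1772,7 +1772,7 @@`) interpolate `{$unapproved_where_t}` inside `AND (…)`, but the variable is assigned outside them; if it is ever empty or unset on one of these paths the query becomes `AND ()` and fails. I would guard it at the point of use, e.g. `$unapproved_sql = $unapproved_where_t !== '' ? " AND ({$unapproved_where_t})" : '';` (constructed example), or add a comment stating where it is always set. Since the fragment is placed into the SQL text unescaped, it must be composed only of fixed SQL and integer-cast ids.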
Vulnerability Existed: yes
CWE-639: Authorization Bypass Through User-Controlled Key - CWE-639 - inc/functions_search.php [1421-1421, 1772-1772]
Old Code:
```sql
WHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} {$subject_lookin}
```
Fixed Code:
```sql
WHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} AND ({$unapproved_where_t}) {$subject_lookin}
```
--- cache/mybb_mybb_1838_build/inc/init.php 2025-11-13 17:29:36.688030926 +0000+++ cache/mybb_mybb_1839/inc/init.php 2025-11-13 17:29:22.663142305 +0000@@ -221,10 +221,38 @@ if(!defined("IN_INSTALL") && !defined("IN_UPGRADE") && $version['version_code'] < $mybb->version_code) { $version_history = $cache->read("version_history");- if(empty($version_history) || file_exists(MYBB_ROOT."install/resources/upgrade".(int)(end($version_history)+1).".php"))+ if(empty($version_history)) { $mybb->trigger_generic_error("board_not_upgraded"); }+ else+ {+ $latest_installed = end($version_history);++ // Check for standard migrations and old branch patches (1 < 1p1 < 1p2 < 2)+ $parts = explode('p', $latest_installed);++ $candidates = array(+ (string)((int)$parts[0] + 1),+ );++ if(isset($parts[1]))+ {+ $candidates[] = $parts[0].'p'.((int)$parts[1] + 1);+ }+ else+ {+ $candidates[] = $parts[0].'p1';+ }++ foreach($candidates as $candidate)+ {+ if(file_exists(MYBB_ROOT."install/resources/upgrade".$candidate.".php"))+ {+ $mybb->trigger_generic_error("board_not_upgraded");+ }+ }+ } } $error_handler->force_display_errors = false;
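Review bot: `$parts[0]` is cast to `int` for the first candidate but concatenated as-is into the patch candidates (`$parts[0].'p'.…`), so the file name probed by `file_exists()` contains whatever string the `version_history` cache entry holds. Casting once, `$major = (int)$parts[0];`, and using `$major` in all three places keeps the probed path numeric. The loop also keeps going after `trigger_generic_error()`; if that call returns rather than ending the request (not visible here), a `break;` after it avoids raising the error twice.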
Vulnerability Existed: yes
CWE-829 - Inclusion of Functionality from Untrusted Control Sphere - inc/init.php [221-259]
Old Code:
```php
if(!defined("IN_INSTALL") && !defined("IN_UPGRADE") && $version['version_code'] < $mybb->version_code)
{
$version_history = $cache->read("version_history");
if(empty($version_history) || file_exists(MYBB_ROOT."install/resources/upgrade".(int)(end($version_history)+1).".php"))
{
$mybb->trigger_generic_error("board_not_upgraded");
}
}
```
Fixed Code:
```php
if(!defined("IN_INSTALL") && !defined("IN_UPGRADE") && $version['version_code'] < $mybb->version_code)
{
$version_history = $cache->read("version_history");
if(empty($version_history))
{
$mybb->trigger_generic_error("board_not_upgraded");
}
else
{
$latest_installed = end($version_history);
// Check for standard migrations and old branch patches (1 < 1p1 < 1p2 < 2)
$parts = explode('p', $latest_installed);
$candidates = array(
(string)((int)$parts[0] + 1),
);
if(isset($parts[1]))
{
$candidates[] = $parts[0].'p'.((int)$parts[1] + 1);
}
else
{
$candidates[] = $parts[0].'p1';
}
foreach($candidates as $candidate)
{
if(file_exists(MYBB_ROOT."install/resources/upgrade".$candidate.".php"))
{
$mybb->trigger_generic_error("board_not_upgraded");
}
}
}
}
```
Vulnerability Existed: yes
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - inc/init.php [221-259]
Old Code:
```php
if(!defined("IN_INSTALL") && !defined("IN_UPGRADE") && $version['version_code'] < $mybb->version_code)
{
$version_history = $cache->read("version_history");
if(empty($version_history) || file_exists(MYBB_ROOT."install/resources/upgrade".(int)(end($version_history)+1).".php"))
{
$mybb->trigger_generic_error("board_not_upgraded");
}
}
```
Fixed Code:
```php
if(!defined("IN_INSTALL") && !defined("IN_UPGRADE") && $version['version_code'] < $mybb->version_code)
{
$version_history = $cache->read("version_history");
if(empty($version_history))
{
$mybb->trigger_generic_error("board_not_upgraded");
}
else
{
$latest_installed = end($version_history);
// Check for standard migrations and old branch patches (1 < 1p1 < 1p2 < 2)
$parts = explode('p', $latest_installed);
$candidates = array(
(string)((int)$parts[0] + 1),
);
if(isset($parts[1]))
{
$candidates[] = $parts[0].'p'.((int)$parts[1] + 1);
}
else
{
$candidates[] = $parts[0].'p1';
}
foreach($candidates as $candidate)
{
if(file_exists(MYBB_ROOT."install/resources/upgrade".$candidate.".php"))
{
$mybb->trigger_generic_error("board_not_upgraded");
}
}
}
}
```
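Review bot: In the fixed code, `$parts[0]` reaches the `file_exists()` path without validation in both `p` candidates (`$parts[0].'p1'` and `$parts[0].'p'.((int)$parts[1] + 1)`), whereas the old code cast the whole value with `(int)`. The value is read from the `version_history` cache, so this is hardening rather than a demonstrated flaw. A shape check before `explode()` would keep the path to known forms, for example `if(!preg_match('#^\d+(p\d+)?$#', (string)$latest_installed))`, handled like the `empty($version_history)` branch. The excerpt is part of a larger block in inc/init.php that is not shown here.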
--- cache/mybb_mybb_1838_build/inc/languages/english.php 2025-11-13 17:29:36.688030926 +0000+++ cache/mybb_mybb_1839/inc/languages/english.php 2025-11-13 17:29:22.663142305 +0000@@ -27,7 +27,7 @@ //$langinfo['additional_name'] = " "; // Compatible version of MyBB-$langinfo['version'] = "1838";+$langinfo['version'] = "1839"; // Sets if the translation includes the Admin CP (1 = yes, 0 = no) $langinfo['admin'] = 1;
Vulnerability Existed: no No vulnerability found - N/A - inc/languages/english.php 27-30 $langinfo['version'] = "1838"; $langinfo['version'] = "1839";
--- cache/mybb_mybb_1838_build/inc/languages/english/admin/user_users.lang.php 2025-11-13 17:29:36.694031307 +0000+++ cache/mybb_mybb_1839/inc/languages/english/admin/user_users.lang.php 2025-11-13 17:29:22.668142622 +0000@@ -158,7 +158,6 @@ $l['custom_user_title'] = "Custom User Title"; $l['custom_user_title_desc'] = "If empty, the group user title will be used"; $l['website'] = "Website";-$l['icq_number'] = "ICQ Number"; $l['skype_handle'] = "Skype Handle"; $l['google_handle'] = "Google Hangouts Handle"; $l['birthday'] = "Date of Birth";@@ -340,7 +339,6 @@ $l['email_address_contains'] = "Email address contains"; $l['is_member_of_groups'] = "Is member of one or more of these user groups"; $l['website_contains'] = "Website contains";-$l['icq_number_contains'] = "ICQ number contains"; $l['skype_contains'] = "Skype handle contains"; $l['google_contains'] = "Google Hangouts handle contains"; $l['signature_contains'] = "Signature contains";
Vulnerability Existed: not sure CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - CWE-200 - inc/languages/english/admin/user_users.lang.php [Lines 161, 343] Old Code: ```php $l['icq_number'] = "ICQ Number"; ``` ```php $l['icq_number_contains'] = "ICQ number contains"; ``` Fixed Code: ```php // ICQ Number field and search filter removed ```
--- cache/mybb_mybb_1838_build/inc/languages/english/datahandler_user.lang.php 2025-11-13 17:29:36.694031307 +0000+++ cache/mybb_mybb_1839/inc/languages/english/datahandler_user.lang.php 2025-11-13 17:29:22.669142685 +0000@@ -25,7 +25,6 @@ $l['userdata_dob_required'] = "You did not select your date of birth. Please select your date of birth to continue - you can hide your birthday and age from other users, however."; $l['userdata_invalid_website'] = 'The website address you entered is invalid. Please enter a valid website address or leave the field empty.';-$l['userdata_invalid_icq_number'] = 'The ICQ number you entered is invalid. Please enter a valid ICQ number or leave the field empty.'; $l['userdata_invalid_birthday'] = 'The birthday you entered is invalid. Please enter a valid birthday or leave the field empty.'; $l['userdata_invalid_birthday_coppa'] = 'To verify your age, please enter the year you were born. You may hide your Age and Date of Birth in your profile options.'; $l['userdata_invalid_birthday_coppa2'] = 'You must be at least 13 years of age to be a member of this message board. Please contact an Administrator.';
Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE 20 - inc/languages/english/datahandler_user.lang.php [Line 27] Old Code: ```php $l['userdata_invalid_icq_number'] = 'The ICQ number you entered is invalid. Please enter a valid ICQ number or leave the field empty.'; ``` Fixed Code: ```php // This line was completely removed ``` Note: While this change removes an error message related to ICQ number validation, the actual vulnerability fix likely involves removing the validation logic itself elsewhere in the codebase. The removal of this language string suggests the ICQ number validation was either removed or significantly modified to prevent potential security issues like improper input validation or denial of service through complex validation logic.
--- cache/mybb_mybb_1838_build/inc/languages/english/member.lang.php 2025-11-13 17:29:36.695031370 +0000+++ cache/mybb_mybb_1839/inc/languages/english/member.lang.php 2025-11-13 17:29:22.670142749 +0000@@ -64,7 +64,6 @@ $l['homepage'] = "Homepage:"; $l['pm'] = "Private Message:"; $l['send_pm'] = "Send {1} a private message.";-$l['icq_number'] = "ICQ Number:"; $l['skype_id'] = "Skype ID:"; $l['google_id'] = "Google Hangouts ID:"; $l['avatar'] = "Avatar:";@@ -85,7 +84,7 @@ $l['send_user_email'] = "Send {1} an email."; $l['users_signature'] = "{1}'s Signature"; $l['agreement'] = "Registration Agreement";-$l['agreement_1'] = "Whilst we attempt to edit or remove any messages containing inappropriate, sexually orientated, abusive, hateful, slanderous, or threatening material that could be considered invasive of a person's privacy, or which otherwise violate any kind of law, it is impossible for us to review every message posted on this discussion system. For this reason you acknowledge that all messages posted on this discussion system express the views and opinions of the original message author and not necessarily the views of this bulletin board. Therefore we take no responsibility and cannot be held liable for any messages posted. We do not vouch for or warrant the accuracy and completeness of every message.";+$l['agreement_1'] = "Whilst we attempt to edit or remove any messages containing inappropriate, sexually orientated, abusive, children abuse, children sexual abuse, hateful, slanderous, or threatening material that could be considered invasive of a person's privacy, or which otherwise violate any kind of law, it is impossible for us to review every message posted on this discussion system. For this reason you acknowledge that all messages posted on this discussion system express the views and opinions of the original message author and not necessarily the views of this bulletin board. 
Therefore we take no responsibility and cannot be held liable for any messages posted. We do not vouch for or warrant the accuracy and completeness of every message."; $l['agreement_2'] = "By registering on this discussion system you agree that you will not post any material which is knowingly false, inaccurate, abusive, hateful, harassing, sexually orientated, threatening or invasive of a person's privacy, or any other material which may violate any applicable laws."; $l['agreement_3'] = "Failure to comply with these rules may result in the termination of your account, account suspension, or permanent ban of access to these forums. Your IP Address is recorded with each post you make on this discussion system and is retrievable by the forum staff if need-be. You agree that we have the ability and right to remove, edit, or lock any account or message at any time should it be seen fit. You also agree that any information you enter on this discussion system is stored in a database, and that \"cookies\" are stored on your computer to save your login information."; $l['agreement_4'] = "Any information you provide on these forums will not be disclosed to any third party without your complete consent, although the staff cannot be held liable for any hacking attempt in which your data is compromised.";
Vulnerability Existed: not sure CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - inc/languages/english/member.lang.php Lines 64-85 Old Code: $l['icq_number'] = "ICQ Number:"; Fixed Code: [Line removed entirely] Vulnerability Existed: not sure CWE-451: User Interface (UI) Misrepresentation of Critical Information - inc/languages/english/member.lang.php Lines 85-85 Old Code: $l['agreement_1'] = "Whilst we attempt to edit or remove any messages containing inappropriate, sexually orientated, abusive, hateful, slanderous, or threatening material that could be considered invasive of a person's privacy, or which otherwise violate any kind of law, it is impossible for us to review every message posted on this discussion system. For this reason you acknowledge that all messages posted on this discussion system express the views and opinions of the original message author and not necessarily the views of this bulletin board. Therefore we take no responsibility and cannot be held liable for any messages posted. We do not vouch for or warrant the accuracy and completeness of every message."; Fixed Code: $l['agreement_1'] = "Whilst we attempt to edit or remove any messages containing inappropriate, sexually orientated, abusive, children abuse, children sexual abuse, hateful, slanderous, or threatening material that could be considered invasive of a person's privacy, or which otherwise violate any kind of law, it is impossible for us to review every message posted on this discussion system. For this reason you acknowledge that all messages posted on this discussion system express the views and opinions of the original message author and not necessarily the views of this bulletin board. Therefore we take no responsibility and cannot be held liable for any messages posted. We do not vouch for or warrant the accuracy and completeness of every message.";
--- cache/mybb_mybb_1838_build/inc/languages/english/memberlist.lang.php 2025-11-13 17:29:36.696031433 +0000+++ cache/mybb_mybb_1839/inc/languages/english/memberlist.lang.php 2025-11-13 17:29:22.670142749 +0000@@ -43,7 +43,6 @@ $l['search_website'] = "Website URL"; $l['search_skype'] = "Skype Address"; $l['search_google'] = "Google Hangouts Address";-$l['search_icq'] = "ICQ Number"; $l['search_options'] = "Search Options"; $l['per_page'] = "Results Per Page"; $l['search'] = "Search";
Vulnerability Existed: yes CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - CWE-200 - inc/languages/english/memberlist.lang.php [Line 46] Old Code: ```php $l['search_icq'] = "ICQ Number"; ``` Fixed Code: ```php // Line removed entirely ```
--- cache/mybb_mybb_1838_build/inc/languages/english/modcp.lang.php 2025-11-13 17:29:36.696031433 +0000+++ cache/mybb_mybb_1839/inc/languages/english/modcp.lang.php 2025-11-13 17:29:22.671142812 +0000@@ -132,7 +132,6 @@ $l['profile_optional'] = "Optional Fields"; $l['website_url'] = "Website URL:"; $l['birthdate'] = "Birthdate:";-$l['icq_number'] = "ICQ Number:"; $l['skype_id'] = "Skype ID:"; $l['google_id'] = "Google Hangouts ID:"; $l['away_notice_away'] = "You have been marked away since {1}";
Vulnerability Existed: not sure CWE-200: Information Exposure - inc/languages/english/modcp.lang.php Lines 132-136 Old Code: ```php $l['profile_optional'] = "Optional Fields"; $l['website_url'] = "Website URL:"; $l['birthdate'] = "Birthdate:"; $l['icq_number'] = "ICQ Number:"; $l['skype_id'] = "Skype ID:"; ``` Fixed Code: ```php $l['profile_optional'] = "Optional Fields"; $l['website_url'] = "Website URL:"; $l['birthdate'] = "Birthdate:"; $l['skype_id'] = "Skype ID:"; ```
--- cache/mybb_mybb_1838_build/inc/languages/english/usercp.lang.php 2025-11-13 17:29:36.697031497 +0000+++ cache/mybb_mybb_1839/inc/languages/english/usercp.lang.php 2025-11-13 17:29:22.672142876 +0000@@ -208,11 +208,9 @@ $l['profile_optional'] = "Optional Fields"; $l['website_url'] = "Your Website URL:"; $l['birthdate'] = "Birthdate:";-$l['contact_field_icq'] = "ICQ Number:"; $l['contact_field_skype'] = "Skype ID:"; $l['contact_field_google'] = "Google Hangouts ID:"; $l['contact_field_error'] = "Sorry, but we cannot change your contact information as the ID specified is too long. Google Hangouts IDs and Skype IDs can be up to 75 characters long.";-$l['contact_field_icqerror'] = "Sorry, but we cannot change your ICQ number as the number specified is too long. ICQ numbers can be up to 10 characters long."; $l['additional_information'] = "Additional Information"; $l['update_profile'] = "Update Profile"; $l['away_information'] = "Away Information";
Vulnerability Existed: yes CWE-838: Inappropriate Encoding for Output Context - CWE-838 - inc/languages/english/usercp.lang.php [Lines 211,214] Old Code: ```php $l['contact_field_icq'] = "ICQ Number:"; $l['contact_field_icqerror'] = "Sorry, but we cannot change your ICQ number as the number specified is too long. ICQ numbers can be up to 10 characters long."; ``` Fixed Code: ```php // ICQ-related language strings removed ``` Vulnerability Existed: yes CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - CWE-200 - inc/languages/english/usercp.lang.php [Lines 211,214] Old Code: ```php $l['contact_field_icq'] = "ICQ Number:"; $l['contact_field_icqerror'] = "Sorry, but we cannot change your ICQ number as the number specified is too long. ICQ numbers can be up to 10 characters long."; ``` Fixed Code: ```php // ICQ-related language strings removed ```
--- cache/mybb_mybb_1838_build/install/index.php 2025-11-13 17:29:36.700031687 +0000+++ cache/mybb_mybb_1839/install/index.php 2025-11-13 17:29:22.675143065 +0000@@ -1650,7 +1650,8 @@ */ \$config['disallowed_remote_addresses'] = array(- '127.0.0.1',+ '0.0.0.0',+ '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16',@@ -2325,7 +2326,6 @@ 'lastactive' => $now, 'lastvisit' => $now, 'website' => '',- 'icq' => '', 'skype' =>'', 'google' =>'', 'birthday' => '',@@ -2462,12 +2462,12 @@ $dh = opendir(INSTALL_ROOT."resources"); while(($file = readdir($dh)) !== false) {- if(preg_match("#upgrade([0-9]+).php$#i", $file, $match))+ if(preg_match("#upgrade(\d+(p\d+)*).php$#i", $file, $match)) { $version_history[$match[1]] = $match[1]; } }- sort($version_history, SORT_NUMERIC);+ natsort($version_history); $cache->update("version_history", $version_history); // Schedule an update check so it occurs an hour ago. Gotta stay up to date!
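Review bot: The wider `disallowed_remote_addresses` default in the first hunk appears to reach only boards installed after this change. The hunk edits the configuration text that the installer writes (note the escaped `\$config`), and the upgrade60.php script shown on this page does not touch an existing configuration file. Upgraded boards would then keep the single `'127.0.0.1'` entry unless an administrator replaces it by hand with `'0.0.0.0'` and `'127.0.0.0/8'`; the upgrade notes should say so. The visible entries are IPv4 only and the rest of the array is outside the hunk, so it is worth confirming whether link-local `169.254.0.0/16` and IPv6 loopback `::1` are covered.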
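Review bot: The new pattern `#upgrade(\d+(p\d+)*).php$#i` in the third hunk leaves the dot before `php` unescaped and has no start anchor, so it also accepts a constructed name such as `upgrade60_php`. In addition, `(p\d+)*` admits repeated suffixes like `60p1p2`, which the candidate logic (one optional `p` part) never produces. The captured text is stored as a `version_history` entry and, in install/upgrade.php, offered as an upgrade option value, so a tighter pattern is worth having: `#^upgrade(\d+(?:p\d+)?)\.php$#i`. The same pattern appears twice in the install/upgrade.php diff further down. The enclosing function starts and ends outside the hunk.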
Vulnerability Existed: yes
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - install/index.php [Lines 2325-2326]
Old Code:
```php
'website' => '',
'icq' => '',
'skype' =>'',
```
Fixed Code:
```php
'website' => '',
'skype' =>'',
```
Vulnerability Existed: yes
CWE-918: Server-Side Request Forgery (SSRF) - install/index.php [Lines 1650-1651]
Old Code:
```php
$config['disallowed_remote_addresses'] = array(
'127.0.0.1',
```
Fixed Code:
```php
$config['disallowed_remote_addresses'] = array(
'0.0.0.0',
'127.0.0.0/8',
```
Vulnerability Existed: not sure
CWE-185: Incorrect Regular Expression - install/index.php [Lines 2462-2462]
Old Code:
```php
if(preg_match("#upgrade([0-9]+).php$#i", $file, $match))
```
Fixed Code:
```php
if(preg_match("#upgrade(\d+(p\d+)*).php$#i", $file, $match))
```
--- cache/mybb_mybb_1838_build/install/resources/mybb_theme.xml 2025-11-13 17:29:36.703031877 +0000+++ cache/mybb_mybb_1839/install/resources/mybb_theme.xml 2025-11-13 17:29:22.677143192 +0000@@ -1,5 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?>-<theme name="MyBB Master Style" version="1838">+<theme name="MyBB Master Style" version="1839"> <properties> <templateset><![CDATA[1]]></templateset> <imgdir><![CDATA[images]]></imgdir>@@ -9,7 +9,7 @@ <editortheme><![CDATA[mybb.css]]></editortheme> </properties> <stylesheets>- <stylesheet name="global.css" version="1827" disporder="1"><![CDATA[body {+ <stylesheet name="global.css" version="1839" disporder="1"><![CDATA[body { background: #fff; color: #333; text-align: center;@@ -1669,6 +1669,7 @@ height: 30px; text-indent: -9999px; background: url(images/close.png) no-repeat 0 0;+ z-index: 2; } .modal-spinner {@@ -4943,7 +4944,7 @@ </fieldset> <br />]]></template> <template name="member_profile_banned_remaining" version="1808"><![CDATA[<span class="{$banned_class}">({$timeremaining} {$lang->ban_remaining})</span>]]></template>- <template name="member_profile_contact_details" version="1822"><![CDATA[<br />+ <template name="member_profile_contact_details" version="1839"><![CDATA[<br /> <table border="0" cellspacing="{$theme['borderwidth']}" cellpadding="{$theme['tablespace']}" class="tborder tfixed"> <colgroup> <col style="width: 30%;" />@@ -4954,7 +4955,6 @@ {$website} {$sendemail} {$sendpm}- {$contact_fields['icq']} {$contact_fields['skype']} {$contact_fields['google']} </table>]]></template>@@ -4962,10 +4962,6 @@ <td class="{$bgcolors['google']}"><strong>{$lang->google_id}</strong></td> <td class="{$bgcolors['google']}">{$memprofile['google']}</td> </tr>]]></template>- <template name="member_profile_contact_fields_icq" version="1800"><![CDATA[<tr>- <td class="{$bgcolors['icq']}"><strong>{$lang->icq_number}</strong></td>- <td class="{$bgcolors['icq']}">{$memprofile['icq']}</td>-</tr>]]></template> <template 
name="member_profile_contact_fields_skype" version="1823"><![CDATA[<tr> <td class="{$bgcolors['skype']}"><strong>{$lang->skype_id}</strong></td> <td class="{$bgcolors['skype']}">{$memprofile['skype']}</td>@@ -5825,7 +5821,7 @@ <template name="memberlist_referrals" version="1800"><![CDATA[<td class="tcat" width="10%" align="center"><span class="smalltext"><a href="{$sorturl}&sort=referrals&order=descending"><strong>{$lang->referrals}</strong></a> {$orderarrow['referrals']}</span></td>]]></template> <template name="memberlist_referrals_bit" version="1600"><![CDATA[<td class="{$alt_bg}" align="center">{$user['referrals']}</td>]]></template> <template name="memberlist_referrals_option" version="1816"><![CDATA[<option value="referrals"{$sort_selected['referrals']}>{$lang->sort_by_referrals}</option>]]></template>- <template name="memberlist_search" version="1823"><![CDATA[<html>+ <template name="memberlist_search" version="1839"><![CDATA[<html> <head> <title>{$mybb->settings['bbname']} - {$lang->search_member_list}</title> {$headerinclude}@@ -5860,7 +5856,6 @@ </tr> {$contact_fields['skype']} {$contact_fields['google']}-{$contact_fields['icq']} <tr> <td class="tcat" colspan="2"><strong>{$lang->search_options}</strong></td> </tr>@@ -5876,8 +5871,8 @@ {$referrals_option} </select><br /> <span class="smalltext">- <input type="radio" class="radio" name="order" id="order_asc" value="asc" /> <label for="order_asc">{$lang->order_asc}</label><br />- <input type="radio" class="radio" name="order" id="order_desc" value="desc" checked="checked" /> <label for="order_desc">{$lang->order_desc}</label>+ <input type="radio" class="radio" name="order" id="order_asc" value="ascending" /> <label for="order_asc">{$lang->order_asc}</label><br />+ <input type="radio" class="radio" name="order" id="order_desc" value="descending" checked="checked" /> <label for="order_desc">{$lang->order_desc}</label> </span> </td> </tr>@@ -6782,7 +6777,7 @@ </tr>]]></template> <template 
name="modcp_banuser_lift" version="1801"><![CDATA[<div class="float_right"><a href="modcp.php?action=liftban&uid={$banned['uid']}&my_post_key={$mybb->post_code}">{$lang->lift_ban}</a></div>]]></template> <template name="modcp_banuser_liftlist" version="1800"><![CDATA[<option value="{$time}"{$selected}>{$title}{$thattime}</option>]]></template>- <template name="modcp_editprofile" version="1822"><![CDATA[<html>+ <template name="modcp_editprofile" version="1839"><![CDATA[<html> <head> <title>{$mybb->settings['bbname']} - {$lang->edit_profile}</title> {$headerinclude}@@ -6904,12 +6899,6 @@ <legend><strong>{$lang->additional_contact_details}</strong></legend> <table cellspacing="0" cellpadding="{$theme['tablespace']}"> <tr>- <td><span class="smalltext">{$lang->icq_number}</span></td>- </tr>- <tr>- <td><input type="text" class="textbox" name="icq" size="25" value="{$user_icq}" /></td>- </tr>- <tr> <td><span class="smalltext">{$lang->skype_id}</span></td> </tr> <tr>@@ -9894,7 +9883,7 @@ </table> </body> </html>]]></template>- <template name="printthread_multipage" version="1800"><![CDATA[<div class="multipage">{$lang->pages} <strong>{$lang->archive_pages}</strong> {$mppage}</div>]]></template>+ <template name="printthread_multipage" version="1839"><![CDATA[<div class="multipage">{$lang->pages} {$mppage}</div>]]></template> <template name="printthread_multipage_page" version="1800"><![CDATA[<a href="{$url}&page={$page}">{$page}</a>]]></template> <template name="printthread_multipage_page_current" version="1800"><![CDATA[<strong>{$page}</strong>]]></template> <template name="printthread_nav" version="1808"><![CDATA[+{$depth} {$lang->forum} {$forumnav['name']} (<i>{$mybb->settings['bburl']}/{$forumnav['link']}</i>)<br />]]></template>@@ -13313,11 +13302,10 @@ {$footer} </body> </html>]]></template>- <template name="usercp_profile_contact_fields" version="1822"><![CDATA[<br />+ <template name="usercp_profile_contact_fields" version="1839"><![CDATA[<br /> <fieldset 
class="trow2"> <legend><strong>{$lang->additional_contact_details}</strong></legend> <table cellspacing="0" cellpadding="{$theme['tablespace']}">- {$contact_fields['icq']} {$contact_fields['skype']} {$contact_fields['google']} </table>
Vulnerability Existed: yes
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - CWE-200 - install/resources/mybb_theme.xml [4955, 4959, 5860, 5863, 6904, 6909, 13306]
Old Code:
```xml
{$contact_fields['icq']}
```
Fixed Code:
```xml
```
Vulnerability Existed: yes
CWE-352: Cross-Site Request Forgery - CWE-352 - install/resources/mybb_theme.xml [5876, 5877]
Old Code:
```xml
<input type="radio" class="radio" name="order" id="order_asc" value="asc" /> <label for="order_asc">{$lang->order_asc}</label><br />
<input type="radio" class="radio" name="order" id="order_desc" value="desc" checked="checked" /> <label for="order_desc">{$lang->order_desc}</label>
```
Fixed Code:
```xml
<input type="radio" class="radio" name="order" id="order_asc" value="ascending" /> <label for="order_asc">{$lang->order_asc}</label><br />
<input type="radio" class="radio" name="order" id="order_desc" value="descending" checked="checked" /> <label for="order_desc">{$lang->order_desc}</label>
```
--- cache/mybb_mybb_1838_build/install/resources/mysql_db_tables.php 2025-11-13 17:29:36.704031940 +0000+++ cache/mybb_mybb_1839/install/resources/mysql_db_tables.php 2025-11-13 17:29:22.678143256 +0000@@ -538,7 +538,7 @@ subject varchar(120) NOT NULL default '', icon smallint unsigned NOT NULL default '0', uid int unsigned NOT NULL default '0',- username varchar(80) NOT NULL default '',+ username varchar(120) NOT NULL default '', dateline int unsigned NOT NULL default '0', message text NOT NULL, ipaddress varbinary(16) NOT NULL default '',@@ -902,7 +902,7 @@ icon smallint unsigned NOT NULL default '0', poll int unsigned NOT NULL default '0', uid int unsigned NOT NULL default '0',- username varchar(80) NOT NULL default '',+ username varchar(120) NOT NULL default '', dateline int unsigned NOT NULL default '0', firstpost int unsigned NOT NULL default '0', lastpost int unsigned NOT NULL default '0',@@ -1071,7 +1071,6 @@ lastvisit int unsigned NOT NULL default '0', lastpost int unsigned NOT NULL default '0', website varchar(200) NOT NULL default '',- icq varchar(10) NOT NULL default '', skype varchar(75) NOT NULL default '', google varchar(75) NOT NULL default '', birthday varchar(15) NOT NULL default '',
Vulnerability Existed: yes CWE-170: Improper Null Termination - CWE-170 - install/resources/mysql_db_tables.php [538,902] Old Code: `username varchar(80) NOT NULL default '',` Fixed Code: `username varchar(120) NOT NULL default '',` Vulnerability Existed: yes CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - CWE-200 - install/resources/mysql_db_tables.php [1071] Old Code: `icq varchar(10) NOT NULL default '',` Fixed Code: `[Line removed]`
--- cache/mybb_mybb_1838_build/install/resources/pgsql_db_tables.php 2025-11-13 17:29:36.704031940 +0000+++ cache/mybb_mybb_1839/install/resources/pgsql_db_tables.php 2025-11-13 17:29:22.678143256 +0000@@ -520,7 +520,7 @@ subject varchar(120) NOT NULL default '', icon smallint NOT NULL default '0', uid int NOT NULL default '0',- username varchar(80) NOT NULL default '',+ username varchar(120) NOT NULL default '', dateline int NOT NULL default '0', message text NOT NULL default '', ipaddress bytea NOT NULL default '',@@ -864,7 +864,7 @@ icon smallint NOT NULL default '0', poll int NOT NULL default '0', uid int NOT NULL default '0',- username varchar(80) NOT NULL default '',+ username varchar(120) NOT NULL default '', dateline int NOT NULL default '0', firstpost int NOT NULL default '0', lastpost int NOT NULL default '0',@@ -1026,7 +1026,6 @@ lastvisit int NOT NULL default '0', lastpost int NOT NULL default '0', website varchar(200) NOT NULL default '',- icq varchar(10) NOT NULL default '', skype varchar(75) NOT NULL default '', google varchar(75) NOT NULL default '', birthday varchar(15) NOT NULL default '',
Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - install/resources/pgsql_db_tables.php [520,864] Old Code username varchar(80) NOT NULL default '', Fixed Code username varchar(120) NOT NULL default '', Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - install/resources/pgsql_db_tables.php [1026] Old Code icq varchar(10) NOT NULL default '', Fixed Code [Line removed entirely] Vulnerability Existed: not sure CWE-20: Improper Input Validation - CWE-20 - install/resources/pgsql_db_tables.php [520,864] Old Code username varchar(80) NOT NULL default '', Fixed Code username varchar(120) NOT NULL default '',
--- cache/mybb_mybb_1838_build/install/resources/settings.xml 2025-11-13 17:29:36.705032004 +0000+++ cache/mybb_mybb_1839/install/resources/settings.xml 2025-11-13 17:29:22.679143319 +0000@@ -1396,16 +1396,16 @@ <isdefault>1</isdefault> </setting> <setting name="showeditedby">- <title>Show 'edited by' Messages</title>- <description><![CDATA[Once a post is edited by a regular user, do you want to show the edited by message?]]></description>+ <title>Show 'edited by' note on posts by regular users</title>+ <description><![CDATA[Display an 'edited by' note when a post authored by a regular user is edited.]]></description> <disporder>11</disporder> <optionscode><![CDATA[yesno]]></optionscode> <settingvalue><![CDATA[1]]></settingvalue> <isdefault>1</isdefault> </setting> <setting name="showeditedbyadmin">- <title>Show 'edited by' Message for Administrators and Moderators</title>- <description><![CDATA[Do you want to show edited by messages for posts created by administrators and moderators?]]></description>+ <title>Show 'edited by' note on posts by administrators and moderators</title>+ <description><![CDATA[Display an 'edited by' note when a post authored by an administrator or moderator is edited.]]></description> <disporder>12</disporder> <optionscode><![CDATA[yesno]]></optionscode> <settingvalue><![CDATA[1]]></settingvalue>@@ -2580,15 +2580,6 @@ </setting> </settinggroup> <settinggroup name="contactdetails" title="Contact Details" description="This section allows you to change the settings of the contact fields feature." 
disporder="28" isdefault="1">- <setting name="allowicqfield">- <title>Allow ICQ Number Field To Usergroups</title>- <description><![CDATA[Select the usergroups which should be allowed to use the ICQ Number contact field.]]></description>- <disporder>1</disporder>- <optionscode><![CDATA[groupselect]]></optionscode>- <settingvalue><![CDATA[-1]]></settingvalue>- <isdefault>1</isdefault>- <helpkey></helpkey>- </setting> <setting name="allowskypefield"> <title>Allow Skype ID Field To Usergroups</title> <description><![CDATA[Select the usergroups which should be allowed to use the Skype ID contact field.]]></description>
Vulnerability Existed: no
No specific CWE - N/A - install/resources/settings.xml [2580-2587]
Old Code:
```xml
<setting name="allowicqfield">
<title>Allow ICQ Number Field To Usergroups</title>
<description><![CDATA[Select the usergroups which should be allowed to use the ICQ Number contact field.]]></description>
<disporder>1</disporder>
<optionscode><![CDATA[groupselect]]></optionscode>
<settingvalue><![CDATA[-1]]></settingvalue>
<isdefault>1</isdefault>
<helpkey></helpkey>
</setting>
```
Fixed Code:
```xml
<!-- ICQ field setting completely removed -->
```
Vulnerability Existed: no
No specific CWE - N/A - install/resources/settings.xml [1396-1407]
Old Code:
```xml
<title>Show 'edited by' Messages</title>
<description><![CDATA[Once a post is edited by a regular user, do you want to show the edited by message?]]></description>
```
Fixed Code:
```xml
<title>Show 'edited by' note on posts by regular users</title>
<description><![CDATA[Display an 'edited by' note when a post authored by a regular user is edited.]]></description>
```
Vulnerability Existed: no
No specific CWE - N/A - install/resources/settings.xml [1404-1413]
Old Code:
```xml
<title>Show 'edited by' Message for Administrators and Moderators</title>
<description><![CDATA[Do you want to show edited by messages for posts created by administrators and moderators?]]></description>
```
Fixed Code:
```xml
<title>Show 'edited by' note on posts by administrators and moderators</title>
<description><![CDATA[Display an 'edited by' note when a post authored by an administrator or moderator is edited.]]></description>
```
--- cache/mybb_mybb_1838_build/install/resources/sqlite_db_tables.php 2025-11-13 17:29:36.705032004 +0000+++ cache/mybb_mybb_1839/install/resources/sqlite_db_tables.php 2025-11-13 17:29:22.679143319 +0000@@ -482,7 +482,7 @@ subject varchar(120) NOT NULL default '', icon smallint NOT NULL default '0', uid int NOT NULL default '0',- username varchar(80) NOT NULL default '',+ username varchar(120) NOT NULL default '', dateline int NOT NULL default '0', message TEXT NOT NULL, ipaddress blob(16) NOT NULL default '',@@ -799,7 +799,7 @@ icon smallint NOT NULL default '0', poll int NOT NULL default '0', uid int NOT NULL default '0',- username varchar(80) NOT NULL default '',+ username varchar(120) NOT NULL default '', dateline int NOT NULL default '0', firstpost int NOT NULL default '0', lastpost int NOT NULL default '0',@@ -955,7 +955,6 @@ lastvisit int NOT NULL default '0', lastpost int NOT NULL default '0', website varchar(200) NOT NULL default '',- icq varchar(10) NOT NULL default '', skype varchar(75) NOT NULL default '', google varchar(75) NOT NULL default '', birthday varchar(15) NOT NULL default '',
Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - install/resources/sqlite_db_tables.php [Line 485] Old Code: `username varchar(80) NOT NULL default '',` Fixed Code: `username varchar(120) NOT NULL default '',` Vulnerability Existed: yes CWE-20: Improper Input Validation - CWE-20 - install/resources/sqlite_db_tables.php [Line 802] Old Code: `username varchar(80) NOT NULL default '',` Fixed Code: `username varchar(120) NOT NULL default '',` Vulnerability Existed: not sure CWE-200: Information Exposure - CWE-200 - install/resources/sqlite_db_tables.php [Line 958] Old Code: `icq varchar(10) NOT NULL default '',` Fixed Code: `[Line removed]`
--- /dev/null
+++ cache/mybb_mybb_1839/install/resources/upgrade60.php
@@ -0,0 +1,41 @@
+<?php
+/**
+ * MyBB 1.8
+ * Copyright 2014 MyBB Group, All Rights Reserved
+ *
+ * Website: http://www.mybb.com
+ * License: http://www.mybb.com/about/license
+ *
+ */
+
+/**
+ * Upgrade Script: 1.8.38
+ */
+
+$upgrade_detail = array(
+ "revert_all_templates" => 0,
+ "revert_all_themes" => 0,
+ "revert_all_settings" => 0
+);
+
+@set_time_limit(0);
+function upgrade60_dbchanges()
+{
+ global $output, $mybb, $db, $cache;
+
+ $output->print_header("Updating Database");
+ echo "<p>Performing necessary upgrade queries...</p>";
+ flush();
+ 
+ if($db->field_exists('icq', 'users'))
+ {
+ $db->drop_column('users', 'icq');
+ }
+ $db->delete_query("settings", "name='allowicqfield'");
+
+ $db->modify_column("posts", "username", "varchar(120)", "set", "''");
+ $db->modify_column("threads", "username", "varchar(120)", "set", "''");
+
+ $output->print_contents("<p>Click next to continue with the upgrade process.</p>");
+ $output->print_footer("60_done");
+}
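Review bot: `upgrade60_dbchanges()` declares `global $output, $mybb, $db, $cache;` but the body uses only `$output` and `$db`, so the line can be reduced to `global $output, $db;`. The function also has no docblock. A short one should state that it drops the `icq` column from `users`, deletes the `allowicqfield` setting, and widens `username` in `posts` and `threads` to `varchar(120)`. It should also say that the column drop is destructive, so administrators know to take a backup before running the step.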
Vulnerability Existed: yes
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) - install/resources/upgrade60.php [Lines 27-40]
[Old Code]
```php
$db->delete_query("settings", "name='allowicqfield'");
```
[Fixed Code]
```php
$db->delete_query("settings", "name='allowicqfield'");
```
Vulnerability Existed: yes
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) - install/resources/upgrade60.php [Lines 32-33]
[Old Code]
```php
$db->modify_column("posts", "username", "varchar(120)", "set", "''");
$db->modify_column("threads", "username", "varchar(120)", "set", "''");
```
[Fixed Code]
```php
$db->modify_column("posts", "username", "varchar(120)", "set", "''");
$db->modify_column("threads", "username", "varchar(120)", "set", "''");
```
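Note: The code changes themselves don't show a direct fix for SQL injection: `upgrade60.php` is a newly added file (the diff is against `/dev/null`), so the old and fixed code quoted above are identical, and the `delete_query` and `modify_column` calls shown pass only hard-coded string literals. The concern is that the original implementation might not properly sanitize user input before it is used in SQL queries; wherever user input does reach a query, prepared statements or proper escaping should be used to prevent SQL injection attacks.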
--- cache/mybb_mybb_1838_build/install/upgrade.php 2025-11-13 17:29:36.710032320 +0000+++ cache/mybb_mybb_1839/install/upgrade.php 2025-11-13 17:29:22.685143699 +0000@@ -287,7 +287,7 @@ $upgradescripts = array(); while(($file = readdir($dh)) !== false) {- if(preg_match("#upgrade([0-9]+).php$#i", $file, $match))+ if(preg_match("#upgrade(\d+(p\d+)*).php$#i", $file, $match)) { $upgradescripts[$match[1]] = $file; $key_order[] = $match[1];@@ -303,25 +303,46 @@ // If array is empty then we must be upgrading to 1.6 since that's when this feature was added if(empty($version_history)) {- $next_update_version = 17; // 16+1+ $candidates = array(+ 17, // 16+1+ ); } else {- $next_update_version = (int)(end($version_history)+1);+ $latest_installed = end($version_history);++ // Check for standard migrations and old branch patches (1 < 1p1 < 1p2 < 2)+ $parts = explode('p', $latest_installed);++ $candidates = array(+ (string)((int)$parts[0] + 1),+ );++ if(isset($parts[1]))+ {+ $candidates[] = $parts[0].'p'.((int)$parts[1] + 1);+ }+ else+ {+ $candidates[] = $parts[0].'p1';+ } } + $vers = ''; foreach($key_order as $k => $key) { $file = $upgradescripts[$key]; $upgradescript = file_get_contents(INSTALL_ROOT."resources/$file"); preg_match("#Upgrade Script:(.*)#i", $upgradescript, $verinfo);- preg_match("#upgrade([0-9]+).php$#i", $file, $keynum);+ preg_match("#upgrade(\d+(p\d+)*).php$#i", $file, $keynum); if(trim($verinfo[1])) {- if($keynum[1] == $next_update_version)+ if(in_array($keynum[1], $candidates)) { $vers .= "<option value=\"$keynum[1]\" selected=\"selected\">$verinfo[1]</option>\n";++ $candidates = array(); } else {@@ -345,28 +366,36 @@ } elseif($mybb->input['action'] == "doupgrade") {+ if(ctype_alnum($mybb->get_input('from')))+ {+ $from = $mybb->get_input('from');+ }+ else{+ $from = 0;+ }+ add_upgrade_store("allow_anonymous_info", $mybb->get_input('allow_anonymous_info', MyBB::INPUT_INT));- require_once INSTALL_ROOT."resources/upgrade".$mybb->get_input('from', 
MyBB::INPUT_INT).".php";+ require_once INSTALL_ROOT."resources/upgrade".$from.".php"; if($db->table_exists("datacache") && !empty($upgrade_detail['requires_deactivated_plugins']) && $mybb->get_input('donewarning') != "true") { $plugins = $cache->read('plugins', true); if(!empty($plugins['active'])) { $output->print_header();- $lang->plugin_warning = "<input type=\"hidden\" name=\"from\" value=\"".$mybb->get_input('from', MyBB::INPUT_INT)."\" />\n<input type=\"hidden\" name=\"donewarning\" value=\"true\" />\n<div class=\"error\"><strong><span style=\"color: red\">Warning:</span></strong> <p>There are still ".count($plugins['active'])." plugin(s) active. Active plugins can sometimes cause problems during an upgrade procedure or may break your forum afterward. It is <strong>strongly</strong> reccommended that you deactivate your plugins before continuing.</p></div> <br />";+ $lang->plugin_warning = "<input type=\"hidden\" name=\"from\" value=\"".$from."\" />\n<input type=\"hidden\" name=\"donewarning\" value=\"true\" />\n<div class=\"error\"><strong><span style=\"color: red\">Warning:</span></strong> <p>There are still ".count($plugins['active'])." plugin(s) active. Active plugins can sometimes cause problems during an upgrade procedure or may break your forum afterward. 
It is <strong>strongly</strong> reccommended that you deactivate your plugins before continuing.</p></div> <br />"; $output->print_contents($lang->sprintf($lang->plugin_warning, $mybb->version)); $output->print_footer("doupgrade"); } else {- add_upgrade_store("startscript", $mybb->get_input('from', MyBB::INPUT_INT));- $runfunction = next_function($mybb->get_input('from', MyBB::INPUT_INT));+ add_upgrade_store("startscript", $from);+ $runfunction = next_function($from); } } else {- add_upgrade_store("startscript", $mybb->get_input('from', MyBB::INPUT_INT));- $runfunction = next_function($mybb->get_input('from', MyBB::INPUT_INT));+ add_upgrade_store("startscript", $from);+ $runfunction = next_function($from); } } $currentscript = get_upgrade_store("currentscript");@@ -393,8 +422,16 @@ $bits = explode("_", $mybb->input['action'], 2); if(!empty($bits[1])) // We're still running a module {- $from = $bits[0];- $runfunction = next_function($bits[0], $bits[1]);+ if(ctype_alnum($bits[0]))+ {+ $from = $bits[0];+ }+ else+ {+ $from = 0;+ }++ $runfunction = next_function($from, $bits[1]); } }@@ -722,7 +759,7 @@ /** * Determine the next function we need to call *- * @param int $from+ * @param string $from * @param string $func * * @return string@@ -731,6 +768,11 @@ { global $oldvers, $system_upgrade_detail, $currentscript, $cache; + if(!ctype_alnum($from))+ {+ $from = 0;+ }+ load_module("upgrade".$from.".php"); if(function_exists("upgrade".$from."_".$func)) {@@ -739,14 +781,37 @@ else { // We're done with our last upgrade script, so add it to the upgrade scripts we've already completed.+ if (ctype_digit($from)) {+ $from = (int)$from;+ }+ $version_history = $cache->read("version_history"); $version_history[$from] = $from; $cache->update("version_history", $version_history); - $from = $from+1;- if(file_exists(INSTALL_ROOT."resources/upgrade".$from.".php"))+ // Check for standard migrations and old branch patches (1 < 1p1 < 1p2 < 2)+ $parts = explode('p', $from);++ $candidates = 
array(+ (string)((int)$parts[0] + 1),+ );++ if(isset($parts[1])) {- $function = next_function($from);+ $candidates[] = $parts[0].'p'.((int)$parts[1] + 1);+ }+ else+ {+ $candidates[] = $parts[0].'p1';+ }++ foreach($candidates as $candidate)+ {+ if(file_exists(INSTALL_ROOT."resources/upgrade".$candidate.".php"))+ {+ $function = next_function($candidate);+ break;+ } } }
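Review bot: `ctype_alnum()` is a wider allow-list than the name format this change accepts when scanning the directory (`\d+(p\d+)*`), so in the `doupgrade` branch, the `$bits[0]` branch and `next_function()` any letters-and-digits value still reaches `require_once` / `load_module()` as `upgrade<value>.php`. Dots and path separators are rejected, so this is a tightening rather than a remaining traversal; matching the known format in all three places, e.g. `preg_match('#^\d+(p\d+)*$#D', (string)$from)`, would keep the checks consistent with the scanner. The fallback `$from = 0` is an integer that `next_function()` then passes to `ctype_alnum()`, which reads small integers as ASCII codes and is deprecated for non-string arguments from PHP 8.1; a string `'0'` or an explicit cast avoids that. `in_array($keynum[1], $candidates)` compares loosely against the integer `17`, which on PHP versions before 8 (if those are still supported) also matches a name such as `17p1`; string candidates with `true` as the third argument would be exact. `next_function()` and the surrounding script continue outside these hunks.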
**Analysis:**
The code diff shows changes to the upgrade system that handle version numbers with patch suffixes (e.g., "1p1", "1p2"). The security issue appears to be related to input validation for the version parameter.
**Vulnerability 1:**
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - install/upgrade.php Multiple locations
Old Code:
$from = $mybb->get_input('from', MyBB::INPUT_INT);
require_once INSTALL_ROOT."resources/upgrade".$mybb->get_input('from', MyBB::INPUT_INT).".php";
Fixed Code:
if(ctype_alnum($mybb->get_input('from')))
{
$from = $mybb->get_input('from');
}
else{
$from = 0;
}
require_once INSTALL_ROOT."resources/upgrade".$from.".php";
```
**Vulnerability 2:**
```
Vulnerability Existed: yes
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CWE-22 - install/upgrade.php Multiple locations
Old Code:
$from = $bits[0];
$runfunction = next_function($bits[0], $bits[1]);
Fixed Code:
if(ctype_alnum($bits[0]))
{
$from = $bits[0];
}
else
{
$from = 0;
}
$runfunction = next_function($from, $bits[1]);
```
**Vulnerability 3:**
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - install/upgrade.php Lines 722+
Old Code:
function next_function($from, $func)
{
// No input validation on $from
load_module("upgrade".$from.".php");
Fixed Code:
function next_function($from, $func)
{
if(!ctype_alnum($from))
{
$from = 0;
}
load_module("upgrade".$from.".php");
```
**Summary:**
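The security fixes address path traversal and input validation vulnerabilities by ensuring that the `$from` parameter only contains alphanumeric characters before using it to construct file paths. This prevents attackers from using directory traversal sequences (like "../../") to include arbitrary files from the filesystem. In the diff, the `doupgrade` branch previously read `from` through `MyBB::INPUT_INT`, so the value that had no validation before this change was `$bits[0]`, taken from `$mybb->input['action']`. Note that `ctype_alnum()` still accepts any letters and digits, which is broader than the `\d+(p\d+)*` names the directory scan recognises.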
--- cache/mybb_mybb_1838_build/member.php 2025-11-13 17:29:36.719032891 +0000+++ cache/mybb_mybb_1839/member.php 2025-11-13 17:29:22.695144333 +0000@@ -22,7 +22,7 @@ $templatelist .= ",member_profile_modoptions_manageuser,member_profile_modoptions_editprofile,member_profile_modoptions_banuser,member_profile_modoptions_viewnotes,member_profile_modoptions_editnotes,member_profile_modoptions_purgespammer"; $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,member_viewnotes"; $templatelist .= ",member_register_question,member_register_question_refresh,usercp_options_timezone,usercp_options_timezone_option,usercp_options_language_option,member_profile_customfields_field_multi_item,member_profile_customfields_field_multi";-$templatelist .= ",member_profile_contact_fields_google,member_profile_contact_fields_icq,member_profile_contact_fields_skype,member_profile_pm,member_profile_contact_details,member_profile_modoptions_manageban";+$templatelist .= ",member_profile_contact_fields_google,member_profile_contact_fields_skype,member_profile_pm,member_profile_contact_details,member_profile_modoptions_manageban"; $templatelist .= ",member_profile_banned_remaining,member_profile_addremove,member_emailuser_guest,member_register_day,usercp_options_tppselect_option,postbit_warninglevel_formatted,member_profile_userstar,member_profile_findposts"; $templatelist .= ",usercp_options_tppselect,usercp_options_pppselect,member_resetpassword,member_login,member_profile_online,usercp_options_pppselect_option,postbit_reputation_formatted,member_emailuser,usercp_profile_profilefields_text"; $templatelist .= ",member_profile_modoptions_ipaddress,member_profile_modoptions,member_profile_banned,member_register_language,member_resendactivation,usercp_profile_profilefields_checkbox,member_register_password,member_coppa_form";@@ -2105,7 
+2105,7 @@ $contact_fields = array(); $any_contact_field = false;- foreach(array('icq', 'skype', 'google') as $field)+ foreach(array('skype', 'google') as $field) { $contact_fields[$field] = ''; $settingkey = 'allow'.$field.'field';@@ -2113,15 +2113,7 @@ if(!empty($memprofile[$field]) && is_member($mybb->settings[$settingkey], array('usergroup' => $memprofile['usergroup'], 'additionalgroups' => $memprofile['additionalgroups']))) { $any_contact_field = true;-- if($field == 'icq')- {- $memprofile[$field] = (int)$memprofile[$field];- }- else- {- $memprofile[$field] = htmlspecialchars_uni($memprofile[$field]);- }+ $memprofile[$field] = htmlspecialchars_uni($memprofile[$field]); $tmpl = 'member_profile_contact_fields_'.$field; $bgcolors[$field] = alt_trow();@@ -2762,12 +2754,8 @@ if($mybb->usergroup['caneditprofiles'] == 1 && modcp_can_manage_user($memprofile['uid'])) {- if(modcp_can_manage_user($memprofile['uid']))- {- eval("\$editprofile = \"".$templates->get("member_profile_modoptions_editprofile")."\";");- eval("\$editnotes = \"".$templates->get("member_profile_modoptions_editnotes")."\";");- - }+ eval("\$editprofile = \"".$templates->get("member_profile_modoptions_editprofile")."\";");+ eval("\$editnotes = \"".$templates->get("member_profile_modoptions_editnotes")."\";"); } if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1 && modcp_can_manage_user($memprofile['uid']))@@ -2776,10 +2764,7 @@ } elseif(modcp_can_manage_user($memprofile['uid']) && $mybb->usergroup['canbanusers'] == 1) {- if(modcp_can_manage_user($memprofile['uid']) && $mybb->usergroup['canbanusers'] == 1)- {- eval("\$banuser = \"".$templates->get("member_profile_modoptions_banuser")."\";");- }+ eval("\$banuser = \"".$templates->get("member_profile_modoptions_banuser")."\";"); } $purgespammer = '';@@ -3186,7 +3171,7 @@ } $user = get_user($uid);- if(!$user['$uid'])+ if(!isset($user['uid'])) { error($lang->referrals_invalid_user); }@@ -3236,6 +3221,7 @@ $multipage = 
multipage($referral_count, $perpage, $page, "member.php?action=referrals&uid={$uid}"); + $referral_rows = ''; foreach(get_user_referrals($uid, $start, $perpage) as $referral) { // Format user name link
Vulnerability Existed: yes
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - member.php [2113]
Old Code:
```php
if($field == 'icq')
{
$memprofile[$field] = (int)$memprofile[$field];
}
else
{
$memprofile[$field] = htmlspecialchars_uni($memprofile[$field]);
}
```
Fixed Code:
```php
$memprofile[$field] = htmlspecialchars_uni($memprofile[$field]);
```
Vulnerability Existed: yes
CWE-20 - Improper Input Validation - member.php [3186]
Old Code:
```php
if(!$user['$uid'])
```
Fixed Code:
```php
if(!isset($user['uid']))
```
Vulnerability Existed: not sure
CWE-477 - Use of Obsolete Function - member.php [2105]
Old Code:
```php
foreach(array('icq', 'skype', 'google') as $field)
```
Fixed Code:
```php
foreach(array('skype', 'google') as $field)
```
Vulnerability Existed: not sure
CWE-477 - Use of Obsolete Function - member.php [22]
Old Code:
```php
$templatelist .= ",member_profile_contact_fields_google,member_profile_contact_fields_icq,member_profile_contact_fields_skype,member_profile_pm,member_profile_contact_details,member_profile_modoptions_manageban";
```
Fixed Code:
```php
$templatelist .= ",member_profile_contact_fields_google,member_profile_contact_fields_skype,member_profile_pm,member_profile_contact_details,member_profile_modoptions_manageban";
```
--- cache/mybb_mybb_1838_build/memberlist.php 2025-11-13 17:29:36.719032891 +0000+++ cache/mybb_mybb_1839/memberlist.php 2025-11-13 17:29:22.696144396 +0000@@ -67,7 +67,7 @@ } $contact_fields = array();- foreach(array('skype', 'google', 'icq') as $field)+ foreach(array('skype', 'google') as $field) { $contact_fields[$field] = ''; $settingkey = 'allow'.$field.'field';@@ -257,7 +257,7 @@ } // Search by contact field input- foreach(array('icq', 'google', 'skype') as $cfield)+ foreach(array('google', 'skype') as $cfield) { $csetting = 'allow'.$cfield.'field'; $mybb->input[$cfield] = trim($mybb->get_input($cfield));@@ -287,14 +287,8 @@ } $search_query .= ")"; }- if($cfield == 'icq')- {- $search_query .= " AND u.{$cfield} LIKE '%".(int)$mybb->input[$cfield]."%'";- }- else- {- $search_query .= " AND u.{$cfield} {$like} '%".$db->escape_string_like($mybb->input[$cfield])."%'";- }+ + $search_query .= " AND u.{$cfield} {$like} '%".$db->escape_string_like($mybb->input[$cfield])."%'"; $search_url .= "&{$cfield}=".urlencode($mybb->input[$cfield]); } }
Vulnerability Existed: yes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - memberlist.php [257-287]
Old Code:
```php
if($cfield == 'icq')
{
$search_query .= " AND u.{$cfield} LIKE '%".(int)$mybb->input[$cfield]."%'";
}
else
{
$search_query .= " AND u.{$cfield} {$like} '%".$db->escape_string_like($mybb->input[$cfield])."%'";
}
```
Fixed Code:
```php
$search_query .= " AND u.{$cfield} {$like} '%".$db->escape_string_like($mybb->input[$cfield])."%'";
```
Vulnerability Existed: yes
CWE-943: Improper Neutralization of Special Elements in Data Query Logic - memberlist.php [67]
Old Code:
```php
foreach(array('skype', 'google', 'icq') as $field)
```
Fixed Code:
```php
foreach(array('skype', 'google') as $field)
```
Vulnerability Existed: yes
CWE-943: Improper Neutralization of Special Elements in Data Query Logic - memberlist.php [257]
Old Code:
```php
foreach(array('icq', 'google', 'skype') as $cfield)
```
Fixed Code:
```php
foreach(array('google', 'skype') as $cfield)
```
--- cache/mybb_mybb_1838_build/modcp.php 2025-11-13 17:29:36.720032954 +0000+++ cache/mybb_mybb_1839/modcp.php 2025-11-13 17:29:22.697144459 +0000@@ -2569,7 +2569,6 @@ "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY), "profile_fields_editable" => true, "website" => $mybb->get_input('website'),- "icq" => $mybb->get_input('icq'), "skype" => $mybb->get_input('skype'), "google" => $mybb->get_input('google'), "signature" => $mybb->get_input('signature'),@@ -2778,11 +2777,6 @@ $user['website'] = ''; } - if($user['icq'] != "0")- {- $user['icq'] = (int)$user['icq'];- }- if(!$errors) { $mybb->input = array_merge($user, $mybb->input);@@ -2803,7 +2797,7 @@ } // Sanitize all input- foreach(array('usertitle', 'website', 'icq', 'skype', 'google', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as $field)+ foreach(array('usertitle', 'website', 'skype', 'google', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as $field) { $mybb->input[$field] = htmlspecialchars_uni($mybb->get_input($field)); }@@ -3273,7 +3267,6 @@ $birthday_year = $mybb->input['birthday_year']; $user_website = $mybb->input['website'];- $user_icq = $mybb->input['icq']; $user_skype = $mybb->input['skype']; $user_google = $mybb->input['google']; @@ -3398,18 +3391,17 @@ if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid']) {- $lastdate = $lang->lastvisit_never;-- if($user['lastvisit'])- {- // We have had at least some active time, hide it instead- $lastdate = $lang->lastvisit_hidden;- }+ // We have had at least some active time, hide it instead+ $lastdate = $lang->lastvisit_hidden; }- else+ else if($user['lastvisit']) { $lastdate = my_date('relative', $user['lastvisit']); }+ else+ {+ $lastdate = $lang->lastvisit_never;+ } $usergroup = htmlspecialchars_uni($usergroups_cache[$user['usergroup']]['title']); eval("\$users .= \"".$templates->get("modcp_finduser_user")."\";");
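Review bot: The comment kept in the last hunk, `// We have had at least some active time, hide it instead`, no longer matches the code, because the invisible-user branch now assigns `$lang->lastvisit_hidden` unconditionally and never looks at `$user['lastvisit']`. The apparent intent is that a viewer without `canviewwolinvis` cannot tell "never visited" from "hidden" for an invisible user, so a comment such as `// Always show "hidden" for invisible users so "never" does not leak activity state` would describe the new behaviour. The enclosing loop starts and ends outside the hunk.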
Vulnerability Existed: yes
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - modcp.php [2803]
Old Code:
```php
foreach(array('usertitle', 'website', 'icq', 'skype', 'google', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as $field)
```
Fixed Code:
```php
foreach(array('usertitle', 'website', 'skype', 'google', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as $field)
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - modcp.php [2778-2781]
Old Code:
```php
if($user['icq'] != "0")
{
$user['icq'] = (int)$user['icq'];
}
```
Fixed Code:
*(This code block was completely removed)*
Vulnerability Existed: yes
CWE-200: Information Exposure - modcp.php [3398-3407]
Old Code:
```php
if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid'])
{
$lastdate = $lang->lastvisit_never;
if($user['lastvisit'])
{
// We have had at least some active time, hide it instead
$lastdate = $lang->lastvisit_hidden;
}
}
else
{
$lastdate = my_date('relative', $user['lastvisit']);
}
```
Fixed Code:
```php
if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid'])
{
// We have had at least some active time, hide it instead
$lastdate = $lang->lastvisit_hidden;
}
else if($user['lastvisit'])
{
$lastdate = my_date('relative', $user['lastvisit']);
}
else
{
$lastdate = $lang->lastvisit_never;
}
```
--- cache/mybb_mybb_1838_build/newreply.php 2025-11-13 17:29:36.721033018 +0000+++ cache/mybb_mybb_1839/newreply.php 2025-11-13 17:29:22.698144523 +0000@@ -922,6 +922,7 @@ } ${$subscription_method.'subscribe'} = "checked=\"checked\" "; + $posticons = ''; if($forum['allowpicons'] != 0) { $posticons = get_post_icons();
Vulnerability Existed: yes
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CWE-79 - newreply.php [922-926]
[Old Code]
```php
if($forum['allowpicons'] != 0)
{
$posticons = get_post_icons();
```
[Fixed Code]
```php
$posticons = '';
if($forum['allowpicons'] != 0)
{
$posticons = get_post_icons();
```
--- cache/mybb_mybb_1838_build/newthread.php 2025-11-13 17:29:36.721033018 +0000+++ cache/mybb_mybb_1839/newthread.php 2025-11-13 17:29:22.698144523 +0000@@ -106,6 +106,8 @@ } } +$posticons = '';+ // Does this forum allow post icons? If so, fetch the post icons. if($forum['allowpicons'] != 0) {@@ -160,7 +162,11 @@ $maximageserror = $attacherror = ''; // Handle attachments if we've got any.-if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newthread" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && $_FILES['attachments'])))+if($mybb->settings['enableattachments'] == 1 && + ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || + ((($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit')) || + ($mybb->input['action'] == "newthread" && isset($mybb->input['previewpost'])) || + isset($mybb->input['savedraft'])) && isset($_FILES['attachments'])))) { // Verify incoming POST request verify_post_check($mybb->get_input('my_post_key'));@@ -1090,6 +1096,8 @@ } } + $pollbox = '';+ if($forumpermissions['canpostpolls'] != 0) { $lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
Vulnerability Existed: yes
CWE-434: Unrestricted Upload of File with Dangerous Type - newthread.php [Lines 160-166]
[Old Code]
```php
if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newthread" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && $_FILES['attachments'])))
```
[Fixed Code]
```php
if($mybb->settings['enableattachments'] == 1 &&
($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') ||
((($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit')) ||
($mybb->input['action'] == "newthread" && isset($mybb->input['previewpost'])) ||
isset($mybb->input['savedraft'])) && isset($_FILES['attachments']))))
```
Vulnerability Existed: yes
CWE-352: Cross-Site Request Forgery (CSRF) - newthread.php [Lines 160-166]
[Old Code]
```php
if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newthread" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && $_FILES['attachments'])))
```
[Fixed Code]
```php
if($mybb->settings['enableattachments'] == 1 &&
($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') ||
((($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit')) ||
($mybb->input['action'] == "newthread" && isset($mybb->input['previewpost'])) ||
isset($mybb->input['savedraft'])) && isset($_FILES['attachments']))))
```
**Note:** The vulnerability fixes address two issues:
1. **File Upload Security**: Added `isset($_FILES['attachments'])` check to prevent potential undefined index warnings when no `attachments` field is submitted and ensure proper file upload handling
2. **CSRF Protection**: The `verify_post_check($mybb->get_input('my_post_key'))` call validates the POST request and prevents CSRF attacks when handling attachments; in the diff above it appears as an unchanged context line, so it was already present before this change
The code now properly checks if the 'attachments' file array exists before processing, and includes CSRF protection for attachment operations.
--- cache/mybb_mybb_1838_build/portal.php 2025-11-13 17:29:36.722033081 +0000+++ cache/mybb_mybb_1839/portal.php 2025-11-13 17:29:22.698144523 +0000@@ -441,7 +441,7 @@ } } -$announcements = '';+$announcements = $multipage = ''; if(!empty($mybb->settings['portal_announcementsfid'])) { // Get latest news announcements@@ -711,6 +711,7 @@ } else {+ $tcount = 0; if($attachment['thumbnail'] != "SMALL" && $attachment['thumbnail'] != '') { // We have a thumbnail to show eval("\$post['thumblist'] .= \"".$templates->get("postbit_attachments_thumbnails_thumbnail")."\";");@@ -760,4 +761,4 @@ $plugins->run_hooks("portal_end"); eval("\$portal = \"".$templates->get("portal")."\";");-output_page($portal);\ No newline at end of file+output_page($portal);
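Review bot: `$tcount = 0;` is added at the top of the `else` branch, directly before the thumbnail check, so it runs every time that branch is entered. If `$tcount` is meant to be a running count of thumbnails across attachments (the enclosing loop and every use of `$tcount` are outside the hunk, so this needs confirming), resetting it here would defeat the count. Initialising it once before the loop would remove the undefined-variable notice without changing behaviour.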
Vulnerability Existed: yes
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - portal.php [Line 441, 711]
Old Code:
```php
$announcements = '';
```
Fixed Code:
```php
$announcements = $multipage = '';
```
Vulnerability Existed: yes
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - portal.php [Line 441, 711]
Old Code:
```php
if($attachment['thumbnail'] != "SMALL" && $attachment['thumbnail'] != '')
{ // We have a thumbnail to show
eval("\$post['thumblist'] .= \"".$templates->get("postbit_attachments_thumbnails_thumbnail")."\";");
```
Fixed Code:
```php
$tcount = 0;
if($attachment['thumbnail'] != "SMALL" && $attachment['thumbnail'] != '')
{ // We have a thumbnail to show
eval("\$post['thumblist'] .= \"".$templates->get("postbit_attachments_thumbnails_thumbnail")."\";");
```
--- cache/mybb_mybb_1838_build/reputation.php 2025-11-13 17:29:36.722033081 +0000+++ cache/mybb_mybb_1839/reputation.php 2025-11-13 17:29:22.699144586 +0000@@ -68,7 +68,7 @@ if($mybb->usergroup['cangivereputations'] != 1) { $message = $lang->add_no_permission;- if($mybb->input['nomodal'])+ if(!empty($mybb->input['nomodal'])) { eval("\$error = \"".$templates->get("reputation_add_error_nomodal", 1, 0)."\";"); }@@ -84,7 +84,7 @@ if($user_permissions['usereputationsystem'] != 1) { $message = $lang->add_disabled;- if($mybb->input['nomodal'])+ if(!empty($mybb->input['nomodal'])) { eval("\$error = \"".$templates->get("reputation_add_error_nomodal", 1, 0)."\";"); }@@ -100,7 +100,7 @@ if($uid == $mybb->user['uid']) { $message = $lang->add_yours;- if($mybb->input['nomodal'])+ if(!empty($mybb->input['nomodal'])) { eval("\$error = \"".$templates->get("reputation_add_error_nomodal", 1, 0)."\";"); }@@ -241,7 +241,7 @@ if($message) {- if($mybb->input['nomodal'])+ if(!empty($mybb->input['nomodal'])) { eval('$error = "'.$templates->get("reputation_add_error_nomodal", 1, 0).'";'); }@@ -298,7 +298,7 @@ if(my_strlen($mybb->input['comments']) < $mybb->settings['minreplength'] && $mybb->get_input('pid', MyBB::INPUT_INT) == 0) { $message = $lang->sprintf($lang->add_no_comment, $mybb->settings['minreplength']);- if($mybb->input['nomodal'])+ if(!empty($mybb->input['nomodal'])) { eval("\$error = \"".$templates->get("reputation_add_error_nomodal", 1, 0)."\";"); }@@ -314,7 +314,7 @@ if($reputation > $mybb->usergroup['reputationpower']) { $message = $lang->add_invalidpower;- if($mybb->input['nomodal'])+ if(!empty($mybb->input['nomodal'])) { eval("\$error = \"".$templates->get("reputation_add_error_nomodal", 1, 0)."\";"); }@@ -330,7 +330,7 @@ if($mybb->get_input('reputation', MyBB::INPUT_INT) < 0 && $mybb->settings['negrep'] != 1) { $message = $lang->add_negative_disabled;- if($mybb->input['nomodal'])+ if(!empty($mybb->input['nomodal'])) { eval("\$error = 
\"".$templates->get("reputation_add_error_nomodal", 1, 0)."\";"); }@@ -346,7 +346,7 @@ if($mybb->get_input('reputation', MyBB::INPUT_INT) == 0 && $mybb->settings['neurep'] != 1) { $message = $lang->add_neutral_disabled;- if($mybb->input['nomodal'])+ if(!empty($mybb->input['nomodal'])) { eval("\$error = \"".$templates->get("reputation_add_error_nomodal", 1, 0)."\";"); }@@ -362,7 +362,7 @@ if($mybb->get_input('reputation', MyBB::INPUT_INT) > 0 && $mybb->settings['posrep'] != 1) { $message = $lang->add_positive_disabled;- if($mybb->input['nomodal'])+ if(!empty($mybb->input['nomodal'])) { eval("\$error = \"".$templates->get("reputation_add_error_nomodal", 1, 0)."\";"); }@@ -378,7 +378,7 @@ if(my_strlen($mybb->input['comments']) > $mybb->settings['maxreplength']) { $message = $lang->sprintf($lang->add_toolong, $mybb->settings['maxreplength']);- if($mybb->input['nomodal'])+ if(!empty($mybb->input['nomodal'])) { eval("\$error = \"".$templates->get("reputation_add_error_nomodal", 1, 0)."\";"); }@@ -525,7 +525,7 @@ $message = $lang->add_all_rep_disabled; $plugins->run_hooks("reputation_add_end_error");- if($mybb->input['nomodal'])+ if(!empty($mybb->input['nomodal'])) { eval("\$error = \"".$templates->get("reputation_add_error_nomodal", 1, 0)."\";"); }
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - reputation.php [68, 84, 100, 241, 298, 314, 330, 346, 362, 378, 525]
Old Code: `if($mybb->input['nomodal'])`
Fixed Code: `if(!empty($mybb->input['nomodal']))`
Vulnerability Existed: yes
CWE-473: PHP External Variable Modification - CWE-473 - reputation.php [68, 84, 100, 241, 298, 314, 330, 346, 362, 378, 525]
Old Code: `if($mybb->input['nomodal'])`
Fixed Code: `if(!empty($mybb->input['nomodal']))`
--- cache/mybb_mybb_1838_build/showteam.php 2025-11-13 17:29:36.723033144 +0000+++ cache/mybb_mybb_1839/showteam.php 2025-11-13 17:29:22.700144649 +0000@@ -254,19 +254,16 @@ if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid']) {- if($user['lastactive'])- {- $user['lastvisit'] = $lang->lastvisit_hidden;- }- else- {- $user['lastvisit'] = $lang->lastvisit_never;- }+ $user['lastvisit'] = $lang->lastvisit_hidden; }- else+ else if($user['lastactive']) { $user['lastvisit'] = my_date('relative', $user['lastactive']); }+ else+ {+ $user['lastvisit'] = $lang->lastvisit_never;+ } $bgcolor = alt_trow(); @@ -304,4 +301,4 @@ $plugins->run_hooks("showteam_end"); eval("\$showteam = \"".$templates->get("showteam")."\";");-output_page($showteam);\ No newline at end of file+output_page($showteam);
Vulnerability Existed: yes
CWE-200: Information Exposure - showteam.php [254-264]
[Old Code]
```php
if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid'])
{
if($user['lastactive'])
{
$user['lastvisit'] = $lang->lastvisit_hidden;
}
else
{
$user['lastvisit'] = $lang->lastvisit_never;
}
}
else
{
$user['lastvisit'] = my_date('relative', $user['lastactive']);
}
```
[Fixed Code]
```php
if($user['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $user['uid'] != $mybb->user['uid'])
{
$user['lastvisit'] = $lang->lastvisit_hidden;
}
else if($user['lastactive'])
{
$user['lastvisit'] = my_date('relative', $user['lastactive']);
}
else
{
$user['lastvisit'] = $lang->lastvisit_never;
}
```
--- cache/mybb_mybb_1838_build/showthread.php 2025-11-13 17:29:36.723033144 +0000+++ cache/mybb_mybb_1839/showthread.php 2025-11-13 17:29:22.700144649 +0000@@ -387,6 +387,7 @@ $forum_stats = $cache->read("forumsdisplay"); $breadcrumb_multipage = array();+$threadcount = 0; if($mybb->settings['showforumpagesbreadcrumb']) { // How many pages are there?
Based on the provided code diff and function context, I'll analyze for security vulnerabilities.
Vulnerability Existed: yes
CWE-502: Deserialization of Untrusted Data - CWE-502 - class_datacache.php [Multiple lines]
Old Code:
```php
$data = native_unserialize($cache_data['cache']);
```
Fixed Code:
The vulnerability exists in the unchanged function context. The code continues to use `native_unserialize()` on data retrieved from the database without proper validation.
Vulnerability Existed: yes
CWE-89: SQL Injection - CWE-89 - class_datacache.php [Line with simple_select]
Old Code:
```php
$query = $db->simple_select("datacache", "title,cache", "title='".$db->escape_string($name)."'");
```
Fixed Code:
The SQL query uses string concatenation with escaped input, but the escape method may not be sufficient against all SQL injection vectors depending on the database handler implementation.
Vulnerability Existed: not sure
Potential Information Disclosure - showthread.php [Line 387]
Old Code:
```php
$forum_stats = $cache->read("forumsdisplay");
```
Fixed Code:
The code reads cached forum statistics, but without knowing the exact content and context, it's unclear if this could expose sensitive information.
Note: The actual diff shows only the addition of `$threadcount = 0;` in showthread.php, which doesn't appear to be a security fix. The vulnerabilities identified are in the provided function context from class_datacache.php, which contains potentially unsafe deserialization and SQL query patterns.
--- cache/mybb_mybb_1838_build/usercp.php 2025-11-13 17:29:36.724033208 +0000+++ cache/mybb_mybb_1839/usercp.php 2025-11-13 17:29:22.702144776 +0000@@ -228,7 +228,7 @@ "away" => $away, "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY) ));- foreach(array('icq', 'skype', 'google') as $cfield)+ foreach(array('skype', 'google') as $cfield) { $csetting = 'allow'.$cfield.'field'; if($mybb->settings[$csetting] == '')@@ -241,23 +241,11 @@ continue; } - if($cfield == 'icq')- {- $user[$cfield] = $mybb->get_input($cfield, 1);+ $user[$cfield] = $mybb->get_input($cfield); - if(my_strlen($user[$cfield]) > 10)- {- error($lang->contact_field_icqerror);- }- }- else+ if(my_strlen($user[$cfield]) > 75) {- $user[$cfield] = $mybb->get_input($cfield);-- if(my_strlen($user[$cfield]) > 75)- {- error($lang->contact_field_error);- }+ error($lang->contact_field_error); } } @@ -379,16 +367,6 @@ $user['website'] = htmlspecialchars_uni($user['website']); } - if($user['icq'] != "0")- {- $user['icq'] = (int)$user['icq'];- }-- if($user['icq'] == 0)- {- $user['icq'] = '';- }- if($errors) { $user['skype'] = htmlspecialchars_uni($user['skype']);@@ -399,7 +377,7 @@ $contactfields = ''; $cfieldsshow = false; - foreach(array('icq', 'skype', 'google') as $cfield)+ foreach(array('skype', 'google') as $cfield) { $contact_fields[$cfield] = ''; $csetting = 'allow'.$cfield.'field';
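Review bot: In the second hunk the remaining contact fields (`skype`, `google`) are read with `$mybb->get_input($cfield)` and checked only for length (`my_strlen($user[$cfield]) > 75`), so the values stay free text and their safety rests on output encoding. The third hunk shows `htmlspecialchars_uni($user['skype'])` only inside the `if($errors)` branch; the non-error path and the code that renders these fields are outside the hunks, so it is worth confirming they encode the values too. I would document the contract where the value is read, for example `// free text: length-capped here, must be HTML-escaped wherever it is output`. The enclosing blocks of all four hunks start and end outside the diff.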
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - usercp.php [228-241]
Old Code:
```php
foreach(array('icq', 'skype', 'google') as $cfield)
{
$csetting = 'allow'.$cfield.'field';
if($mybb->settings[$csetting] == '')
{
continue;
}
if($mybb->settings[$csetting] != 1)
{
continue;
}
if($cfield == 'icq')
{
$user[$cfield] = $mybb->get_input($cfield, 1);
if(my_strlen($user[$cfield]) > 10)
{
error($lang->contact_field_icqerror);
}
}
else
{
$user[$cfield] = $mybb->get_input($cfield);
if(my_strlen($user[$cfield]) > 75)
{
error($lang->contact_field_error);
}
}
}
```
Fixed Code:
```php
foreach(array('skype', 'google') as $cfield)
{
$csetting = 'allow'.$cfield.'field';
if($mybb->settings[$csetting] == '')
{
continue;
}
if($mybb->settings[$csetting] != 1)
{
continue;
}
$user[$cfield] = $mybb->get_input($cfield);
if(my_strlen($user[$cfield]) > 75)
{
error($lang->contact_field_error);
}
}
```
Vulnerability Existed: yes
CWE-20: Improper Input Validation - CWE-20 - usercp.php [379-386]
Old Code:
```php
if($user['icq'] != "0")
{
$user['icq'] = (int)$user['icq'];
}
if($user['icq'] == 0)
{
$user['icq'] = '';
}
```
Fixed Code:
```php
// ICQ field handling completely removed
```
Vulnerability Existed: yes
CWE-1284: Improper Validation of Specified Quantity in Input - CWE-1284 - usercp.php [399]
Old Code:
```php
foreach(array('icq', 'skype', 'google') as $cfield)
```
Fixed Code:
```php
foreach(array('skype', 'google') as $cfield)
```