MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29458)
Description
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.