2005-10-18, 06:51 PM
One of my team members has pointed out that there is a an RSS Exploit in MyBB PR2. One of my forums, which only allows several User Groups to view it at all (other groups have No Access at all, can't even see it's existence), when given it's RSS URL, all user groups (including not logged in )can have fully read access to it by the RSS. (when they click the Read More, they get the error, but from the RSS page, they can actually see the posts).