MyBB Community Forums

Full Version: Small security hole
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Is there any way to turn off the "Forum Team" and "Forum Statistics" at the bottom of the page, particularly for non-members?

I logged out and looked at the "Forum Statistics". There was a "Most Viewed Threads" listed that you must be a logged in member to see. I clicked it and I was able to see the Thread. I hit the Forum that contained this thread near the top of the page and got into the Forum. I was then able to read the threads in this forum (again, a non-member should not be able to see this). I went back one more level and was then asked to log in.

The "Most Replied to Threads" seems to filter out items a non-member can see.

This may be a security problem I am bringing to the Teams attention.
There must be something wrong with your permissions.
Amazing what one misplaced check-mark can do.
This happened to me today. Created a new group and somehow it ended up with read permissions for the moderator/admin only forum. Always a good choice to thoroughly test things out with a test user before putting actual users in any new group...