CVE-2016-9411
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.
Date published : 2017-01-31
http://www.securityfocus.com/bid/94395