Vulners
Lucene search
MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | CVE-2021-3337 | 28 Jan 202122:39 | – | circl |
 | MyBB Hide-Thread-Content plugin security vulnerability | 28 Jan 202100:00 | – | cnnvd |
 | CVE-2021-3337 | 28 Jan 202119:32 | – | cve |
 | CVE-2021-3337 | 28 Jan 202119:32 | – | cvelist |
 | CVE-2021-3337 | 28 Jan 202120:15 | – | nvd |
 | MyBB Hide Thread Content 1.0 Information Disclosure | 29 Jan 202100:00 | – | packetstorm |
 | Hardcoded credentials | 28 Jan 202120:15 | – | prion |
 | CVE-2021-3337 | 22 May 202518:35 | – | redhatcve |
# Exploit Title: MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
# Date: 1/27/2021
# Author: 0xB9
# Twitter: @0xB9Sec
# Contact: 0xB9[at]pm.me
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1430
# Version: 1.0
# Tested on: Windows 10
# CVE: CVE-2021-3337
1. Description:
This plugin hides thread content until user replies to the thread. The information disclosure is hidden content can be viewed without replying.
2. Proof of Concept:
- Visit a post where content is hidden
- Click the reply or quote button below
Thread content will be displayed in the [quote] bracket without needing to replyData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
29 Jan 2021 00:00Current
7.7High risk
Vulners AI Score7.7
CVSS 25
CVSS 3.17.5
EPSS0.21298