Lucene search

K
openvasCopyright (C) 2024 Greenbone AGOPENVAS:1361412562310127740
HistoryMay 02, 2024 - 12:00 a.m.

MyBB < 1.8.38 Multiple Vulnerabilities

2024-05-0200:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
7
mybb
multiple vulnerabilities
cve-2024-23335
cve-2024-23336
update.

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.2%

MyBB is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mybb:mybb";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.127740");
  script_version("2024-05-03T05:05:25+0000");
  script_tag(name:"last_modification", value:"2024-05-03 05:05:25 +0000 (Fri, 03 May 2024)");
  script_tag(name:"creation_date", value:"2024-05-02 10:45:46 +0000 (Thu, 02 May 2024)");
  script_tag(name:"cvss_base", value:"5.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:M/C:P/I:P/A:P");

  script_cve_id("CVE-2024-23335", "CVE-2024-23336");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("MyBB < 1.8.38 Multiple Vulnerabilities");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("sw_mybb_detect.nasl");
  script_mandatory_keys("MyBB/installed");

  script_tag(name:"summary", value:"MyBB is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The following vulnerabilities exist:

  - CVE-2024-23335: The backup management module of the Admin CP may accept .htaccess as the name
  of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache
  servers.

  - CVE-2024-23336: The default list of disallowed remote hosts does not contain the '127.0.0.0/8'
  block, which may result in a SSRF vulnerability.");

  script_tag(name:"affected", value:"MyBB prior to version 1.8.38.");

  script_tag(name:"solution", value:"Update to version 1.8.38 or later.");

  script_xref(name:"URL", value:"https://github.com/mybb/mybb/security/advisories/GHSA-94xr-g4ww-j47r");
  script_xref(name:"URL", value:"https://github.com/mybb/mybb/security/advisories/GHSA-qfrj-65mv-h75h");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! port = get_app_port( cpe: CPE ) )
  exit( 0 );

if( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )
  exit(0);

version = infos["version"];
location = infos["location"];

if( version_is_less( version: version, test_version: "1.8.38" ) ) {
  report = report_fixed_ver( installed_version: version, fixed_version: "1.8.38", install_path: location );
  security_message( port: port, data: report );
  exit( 0 );
}

exit( 99 );

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.2%

Related for OPENVAS:1361412562310127740