4 matches found
CVE-2022-24734
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on Change Settings pages. This resul...
BIT-MYBB-2022-39265
MyBB is a free and open source forum software. The Mail Settings → Additional Parameters for PHP's mail() function (`mailparameters`) setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The...
MyBB 1.2.0 - 1.8.29 RCE Vulnerability (GHSA-876v-gwgh-w57f)
MyBB is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mybb:mybb";...
MyBB 1.0.2 SQL injection in usercp.php
This is a bug report for MyBB 1.0.2 (latest version). Bug found by imei. There is a security bug in usercp.php line 830 that allows SQL injection and can result in full access to admin cp. The bug is a result of poor checking of the $mybb->input['threadmode'] value against all other values in usercp.php file...