129 matches found
MyBB 1.8.32 - Remote Code Execution (Authenticated) Exploit
Exploit Title: MyBB 1.8.32 - Chained LFI Remote Code Execution RCE Authenticated Exploit Author: lUc1f3r11 https://github.com/FDlucifer Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1832 Version: MyBB 1.8.32 Tested on: Linux CVE : N/A Detailed...
MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: MyBB 1.8.32 - Chained LFI Remote Code Execution RCE Authenticated Date: 2023-01-19 Exploit Author: lUc1f3r11 https://github.com/FDlucifer Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1832 Version: MyBB 1.8.32 Tested on: Linux CVE :...
MyBB < 1.8.33 Directory Traversal Vulnerability
MyBB is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mybb:mybb"; ifdescription...
CVE-2022-45867
MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution...
Directory traversal
MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution...
CVE-2022-43709
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings...
Sql injection
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings...
CVE-2022-43709
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings...
CVE-2022-43709
Summary of CVE-2022-43709 : MyBB 1.8.31 contains a SQL injection vulnerability in the Admin CP → Users module. The issue allows remote authenticated users to modify the query string via direct user input or stored search filter settings, enabling partial data integrity impact as described in the ...
MyBB < 1.8.31 RCE Vulnerability (GHSA-hxhm-rq9f-7xj7)
MyBB is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mybb:mybb";...
Double free
MyBB is a free and open source forum software. The Mail Settings ? Additional Parameters for PHP's mail function mailparameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution RCE. The...
MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (Authenticated) Exploit
Exploit Title: MyBB 1.8.29 - Remote Code Execution RCE Authenticated Exploit Author: Altelus Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1829 Version: MyBB 1.8.29 Tested on: Linux CVE : CVE-2022-24734 An RCE can be obtained on MyBB's Admin CP in...
MyBB 1.8.29 Remote Code Execution
Exploit Title: MyBB 1.8.29 - Remote Code Execution RCE Authenticated Date: 2022-05-08 Exploit Author: Altelus Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1829 Version: MyBB 1.8.29 Tested on: Linux CVE : CVE-2022-24734 An RCE can be obtained on...
MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: MyBB 1.8.29 - Remote Code Execution RCE Authenticated Date: 2022-05-08 Exploit Author: Altelus Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1829 Version: MyBB 1.8.29 Tested on: Linux CVE : CVE-2022-24734 An RCE can be obtained on...
MyBB 1.2.0 - 1.8.29 RCE Vulnerability (GHSA-876v-gwgh-w57f)
MyBB is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mybb:mybb";...
MyBB Remote Code Execution Vulnerability (CNVD-2022-20097)
MyBB is a free and web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A remote code execution vulnerability exists in MyBB, which can be exploited to cause a Remote Code Execution RCE...
CVE-2022-24734
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on on Change Settings pages. This resul...
Design/Logic Flaw
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on on Change Settings pages. This resul...
CVE-2022-24734 Remote code execution in mybb
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on on Change Settings pages. This resul...
CVE-2022-24734 Remote code execution in mybb
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on on Change Settings pages. This resul...