2 matches found
CVE-2019-12831
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems that leads to truncation of strings that are too long for a database column to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of...
CVE-2019-12831
CVE-2019-12831 affects MyBB up to version 1.8.20. A crafted XML import can exploit MySQL’s string truncation during imports, enabling an attacker to write a PHP shell into the forum’s cache directory (demonstrated by truncating aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php ...