CVE-2021-43281
MyBB prior to 1.8.29 is vulnerable to Remote Code Injection via the Admin CP Settings module. The issue arises because the Settings management code does not validate setting types on insert/update, allowing an admin with the Can manage settings? permission to inject PHP code through a setting of ...