Lucene search
K

6 matches found

Rapid7 Blog
Rapid7 Blog
added 2022/06/03 7:35 p.m.64 views

Metasploit Weekly Wrap-Up

Ask and you may receive Module suggestions for the win, this week we see a new module written by jheysel-r7 based on CVE-2022-26352 that happens to have been suggested by jvoisin in the issue queue last month. This module targets an arbitrary file upload in dotCMS versions before 22.03, 5.3.8.10,...

6.5CVSS0.4AI score0.91501EPSS
Exploits13
Packet Storm
Packet Storm
added 2022/05/31 12:0 a.m.318 views

MyBB Admin Control Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MyBB Admin Control Code Injection RCE', 'Description' = %q This exploit module leverages an improper input validation vulnerability in MyBB prior...

7.2CVSS0.5AI score0.77677EPSS
Exploits9
0day.today
0day.today
added 2022/05/12 12:0 a.m.327 views

MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (Authenticated) Exploit

Exploit Title: MyBB 1.8.29 - Remote Code Execution RCE Authenticated Exploit Author: Altelus Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1829 Version: MyBB 1.8.29 Tested on: Linux CVE : CVE-2022-24734 An RCE can be obtained on MyBB's Admin CP in...

7.2CVSS0.2AI score0.77677EPSS
Exploits9
Circl
Circl
added 2022/03/10 12:12 a.m.11 views

CVE-2022-24734

creationtimestamp| type| source ---|---|--- 2022-03-10 00:12:09+00:00| seen| https://t.me/cibsecurity/38631 2022-05-11 20:08:56+00:00| published-proof-of-concept| Telegram/qeIlHXwk6VKV4UhXVPLQLbzvqENjIaoZ6ZELYqE5ad4Jd8Y 2022-05-11 21:15:25+00:00| published-proof-of-concept| https://t.me/MrVGunz/1...

7.2CVSS6.8AI score0.77677EPSS
Exploits9References6
Vulnrichment
Vulnrichment
added 2022/03/09 9:25 p.m.7 views

CVE-2022-24734 Remote code execution in mybb

MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on on Change Settings pages. This resul...

7.2CVSS7.3AI score0.77677EPSS
Exploits9References6
CVE
CVE
added 2022/03/09 9:25 p.m.144 views

CVE-2022-24734

Summary (CVE-2022-24734) : MyBB Admin Control Panel Settings module fails to validate setting types on insert/update, allowing a crafted PHP setting to be executed on Change Settings pages. This enables Remote Code Execution (RCE) if the attacker can access Admin CP with the Can manage settings? ...

7.2CVSS7.2AI score0.77677EPSS
Exploits9References6Affected Software1
Rows per page
Query Builder