6 matches found
Metasploit Weekly Wrap-Up
Ask and you may receive Module suggestions for the win, this week we see a new module written by jheysel-r7 based on CVE-2022-26352 that happens to have been suggested by jvoisin in the issue queue last month. This module targets an arbitrary file upload in dotCMS versions before 22.03, 5.3.8.10,...
MyBB Admin Control Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MyBB Admin Control Code Injection RCE', 'Description' = %q This exploit module leverages an improper input validation vulnerability in MyBB prior...
MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (Authenticated) Exploit
Exploit Title: MyBB 1.8.29 - Remote Code Execution RCE Authenticated Exploit Author: Altelus Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1829 Version: MyBB 1.8.29 Tested on: Linux CVE : CVE-2022-24734 An RCE can be obtained on MyBB's Admin CP in...
CVE-2022-24734
creationtimestamp| type| source ---|---|--- 2022-03-10 00:12:09+00:00| seen| https://t.me/cibsecurity/38631 2022-05-11 20:08:56+00:00| published-proof-of-concept| Telegram/qeIlHXwk6VKV4UhXVPLQLbzvqENjIaoZ6ZELYqE5ad4Jd8Y 2022-05-11 21:15:25+00:00| published-proof-of-concept| https://t.me/MrVGunz/1...
CVE-2022-24734 Remote code execution in mybb
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on on Change Settings pages. This resul...
CVE-2022-24734
Summary (CVE-2022-24734) : MyBB Admin Control Panel Settings module fails to validate setting types on insert/update, allowing a crafted PHP setting to be executed on Change Settings pages. This enables Remote Code Execution (RCE) if the attacker can access Admin CP with the Can manage settings? ...