2 matches found
CVE-2024-23336
MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the 127.0.0.0/8 block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's Disallowed Remote Addresses list ($config['disallowed_remote_addresses'])...
CVE-2024-23336
CVE-2024-23336 concerns MyBB (prior to 1.8.38) where the default Disallowed Remote Addresses list did not include 127.0.0.0/8, enabling potential SSRF against internal resources. The issue stems from the configuration in inc/config.php where disallowed_remote_addresses contains 127.0.0.1 but omit...