3 matches found
Exploit for Code Injection in Mybb
mybb-CVE-2022-24734 MyBB 1.8.29 - Remote Code Execution...
MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: MyBB 1.8.29 - Remote Code Execution RCE Authenticated Date: 2022-05-08 Exploit Author: Altelus Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1829 Version: MyBB 1.8.29 Tested on: Linux CVE : CVE-2022-24734 An RCE can be obtained on...
PT-2021-23801 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.29 Description: The issue allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and...