2 matches found
CVE-2025-48940 MyBB's upgrade component vulnerable to local file inclusion
MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion LFI via a specially crafted parameter value. In order to exploit the vulnerability, the installer must be...
CVE-2025-48940
CVE-2025-48940 affects MyBB pre-1.8.39 where the upgrade component does not validate input, enabling local file inclusion (LFI) via a crafted parameter when the installer is unlocked and the upgrade script is accessible (e.g., reinstall or admin-authenticated scenarios). MyBB 1.8.39 resolves the ...