|Category:||Web application abuses|
|Title:||MyBB < 1.8.21 Multiple Vulnerabilities|
|Summary:||MyBB is prone to multiple vulnerabilities.|
The following vulnerabilities exist:
- An attacker can exploit a parsing flaw in the Private Message / Post renderer
that leads to [video] BBCode persistent XSS to take over any forum account,
aka a nested video MyCode issue. (CVE-2019-12830)
- An attacker can abuse a default behavior of MySQL on many systems
(that leads to truncation of strings that are too long for a database column)
to create a PHP shell in the cache directory of a targeted forum via a crafted XML import,
aka theme import stylesheet name RCE. (CVE-2019-12831)
- Find Orphaned Attachments reflected XSS
- Post edit reflected XSS
- Private Messaging folders SQL injection
- Potential phar deserialization through Upload Path
Successful exploitation would allow an attacker to execute arbitrary code on the target machine.
Affected: MyBB through version 1.8.20.
Solution: Update to version 1.8.21.
Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-12830
Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-12831
|Copyright||Copyright (C) 2019 Greenbone Networks GmbH|