FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mybb -- multiple vulnerabilities

Affected packages
mybb < 1.8.22

Details

VuXML ID 198a120d-c22d-11ea-9172-4c72b94353b5
Discovery 2019-12-30
Entry 2020-07-09

mybb Team reports:

High risk: Installer RCE on settings file write

Medium risk: Arbitrary upload paths and Local File Inclusion RCE

Medium risk: XSS via insufficient HTML sanitization of Blog feed and Extend data

Low risk: Open redirect on login

Low risk: SCEditor reflected XSS

References

URL https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/