CVE-2020-22612: Version 1.8.22 - MyBB
Installer RCE on settings file write in MyBB before 1.8.22.
MyBB 1.8.22
30 December 2019
Security, Maintenance
code 1822
Full Package
Install a new MyBB forum or upgrade from older versions.
.zip – 2.13 MB
Download from MyBB.com | Download from GitHub.com (mirror)
sha512:
dad3dad5d443cd7e811ac314d1ef133aa05bb09e2953a92c8188a6d6a65e0147daf8712138f9fba65fff159e653c074847021cef15651ac117e28f80ef5b9c65
sha256:
645a48550d484a4042a355ad71238e76e96c728368002853626bd5b937f72f64
sha1:
d9773530d8aa269cfb83a5665020d098e0cd674d
md5:
45892177d4551031dcc2ed83bedca5bc
Changed Files
Upgrade from the previous version.
.zip – 0.87 MB
Download from MyBB.com | Download from GitHub.com (mirror)
sha512:
487fbbcd8bb83e7a3087118f2444c759e00df7f111af07f94e410e435f55b41cd8f50b13417963e9cea008d989944e2cfed2d52eda9b84914e7646e3dc03980d
sha256:
dccd77fd8afc596b877c6d94a199f6cc89a70f64aa305a7f1a3dd267b251ef38
sha1:
598ba7961161b872d0b1db41a47a16bc2e678822
md5:
bee75dced8f0a18a4a13e7cf95e5551b
How to verify packages
Upgrading to this Version
To upgrade: copy and overwrite the files, and run the install/ upgrade script.
Before performing any upgrade, remember to back up your forum’s files and database and store them safely.
If you have edited core files, including language files, please keep a changelog of these changes so you can make them again (if necessary) once the upgrade is complete.
Follow the Upgrade Documentation for more detailed instructions.
Security Vulnerabilities Addressed (5)
High risk
Installer RCE on settings file write
CWE-94, CVSS:3.1/PR:N. Reported by yelang123, Stealien
Medium risk
Arbitrary upload paths & Local File Inclusion RCE
CWE-94, CVSS:3.1/PR:H. Reported by CNCERT
Medium risk
XSS via insufficient HTML sanitization of Blog feed & Extend data
CWE-79, CVSS:3.1/PR:H. Reported by Devilshakerz, MyBB Team
Issues Resolved (36)
View issues on GitHub
Changed Files ()
Changed Language Files (16)
There are changes to 16 language file(s). Changed language files can be cross-referenced from the list above.
Changed Templates (17)
- codebuttons
- forumdisplay_searchforum
- header_quicksearch
- member_profile_contact_details
- member_referral_row
- member_referrals
- member_referrals_popup
- memberlist_search
- modcp_editprofile
- moderation_inline_movethreads
- portal_search
- post_attachments
- post_javascript
- search
- showthread
- usercp_changename
- usercp_profile_contact_fields