CVE-2023-41362: Version 1.8.36 - MyBB
MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.
MyBB 1.8.36
28 August 2023
Full Package
Install a new MyBB forum or upgrade from older versions.
.zip – 2.21 MB
Download from MyBB.com | Download from GitHub.com (mirror)
sha512:
5ffe9f3ed46525eda68ac1204bc2a65241a61506605d9ea88d92d49e6a0782adfa5920e9f9d6f45446c2814eba016ed45ab958966ea8c947bca01fc08d64058e
sha256:
afd81b7c460c601964aae03ee79c4279acf80809ff898a6504d16f872e64cb7d
sha1:
edca66b2cf7292e68a005b64995ad2da8c78ae73
md5:
66e5994f46caac3273021a9d9213deba
Changed Files
Upgrade from the previous version.
.zip – 0.01 MB
Download from MyBB.com | Download from GitHub.com (mirror)
sha512:
bb5120f2a5bcd0764f2ce157ef416b273734a0322f7f12747166a7ef73f841fe5e57d57fa649dab4fff1af357e92cd6773b8e35af370216996aa8864605abfa5
sha256:
58c57f457f0db7563fb4b7fd5e60c641cc4ce8803e1a2e0f2f1d67008b533432
sha1:
618e78a8789727e7917080c5a88807ec7b71e84b
md5:
f6450cfe496449fdd4452eafad7dd94b
How to verify packages
Upgrading to this Version
To upgrade from the previous version: copy and overwrite files from the Changed Files package.
Upgrading from older versions may require running the install/ upgrade script.
Before performing any upgrade, remember to back up your forum’s files and database and store them safely.
If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.
Follow the Upgrade Documentation for more detailed instructions.
Security Vulnerabilities Addressed (1)
High risk
ACP Templates RCE [1]
CWE-94 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CVE-2023-41362 | Reported by Emmet Leahy
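The failure class named in the description above (input validation in front of eval undermined by type juggling around PCRE calls), shown as an added general illustration. This is not MyBB's code: the function names, patterns and sample inputs are constructed, and the invalid UTF-8 byte is only an assumed, deterministic way to make a PCRE call fail.

```php
<?php
// Added illustration, not MyBB code: names, patterns and inputs are constructed.

// Strip plain {$name} references, then flag any {$...} expression left over.
const ALLOWED = '~\{\$[a-zA-Z_][a-zA-Z_0-9]*\}~u';
const SUSPECT = '~\{\$.+?\}~s';

// Fail-open: on a PCRE runtime error preg_replace() returns null. preg_match()
// juggles that null to "" (with a deprecation notice on PHP 8.1+), finds
// nothing, and the template is reported as safe although it was never checked.
function is_unsafe_loose($template)
{
    $rest = preg_replace(ALLOWED, '', $template);
    return (bool) preg_match(SUSPECT, $rest);
}

// Fail-closed: compare return values strictly and reject when PCRE reported
// an error, so "could not validate" is never confused with "no match".
function is_unsafe_strict(string $template): bool
{
    $rest = preg_replace(ALLOWED, '', $template);
    if ($rest === null || preg_last_error() !== PREG_NO_ERROR) {
        return true;
    }
    $hit = preg_match(SUSPECT, $rest);
    return $hit !== 0; // 1 = match, false = PCRE error: both rejected
}

// Constructed inputs: the second carries an invalid UTF-8 byte, used here only
// as a deterministic way to make a /u pattern fail with a PCRE error.
$samples = [
    'valid'      => '{$user->secret}',
    'pcre error' => '{$user->secret}' . "\xff",
];

foreach ($samples as $label => $template) {
    printf(
        "%-10s loose=%s strict=%s\n",
        $label,
        var_export(is_unsafe_loose($template), true),
        var_export(is_unsafe_strict($template), true)
    );
}
```

When reviewing validators that sit in front of eval or template compilation, look for preg_* results used in a boolean context or passed straight into another call without a `=== null` / `=== false` check.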