CVE-2022-24734: Version 1.8.30 - MyBB

MyBB is a free and open source forum software. In affected versions the Admin CP’s Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on Change Settings pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the Can manage settings? permission. MyBB’s Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.
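An audit helper for the options code format described above, as an added example that is not MyBB's own code: it splits an options code into its type and options, applies an insert-time allowlist that excludes the php type, and lists non-default settings of type php for review. The allowed-type set and the sample rows are assumptions and constructed data, not MyBB's definitions.

```python
"""Audit MyBB setting rows for php-type option codes.

Added example, not MyBB's own code. It models the options code format described
above (type on the first line, options after the first newline). The allowlist
and the sample rows are assumptions/constructed data, not MyBB's definitions."""
from typing import NamedTuple

# Assumed allowlist of types an administrator-created setting may use; "php"
# is deliberately absent because its options are executed as PHP code.
SAFE_TYPES = {"text", "numeric", "textarea", "yesno", "onoff", "select",
              "radio", "checkbox", "forumselect", "groupselect", "language"}

class SettingRow(NamedTuple):
    name: str
    optionscode: str  # mybb_settings.optionscode
    isdefault: int    # 1 for settings shipped with MyBB, 0 for added ones

def parse_options_code(code: str) -> tuple[str, str]:
    """Split an options code into (type, options): the type is the first
    line, everything after the first newline is type-specific option data."""
    type_, _, options = code.partition("\n")
    return type_.strip().lower(), options

def is_allowed_type(code: str) -> bool:
    """Insert/update-time check: accept only allowlisted setting types."""
    return parse_options_code(code)[0] in SAFE_TYPES

def audit_settings(rows: list[SettingRow]) -> list[str]:
    """Names of non-default settings whose type is 'php', i.e. rows whose
    option data is executed as PHP on Change Settings pages; review each."""
    return [r.name for r in rows
            if not r.isdefault and parse_options_code(r.optionscode)[0] == "php"]

# Constructed sample rows standing in for
# SELECT name, optionscode, isdefault FROM mybb_settings
SAMPLE_ROWS = [
    SettingRow("boardclosed", "onoff", 1),
    SettingRow("threadsperpage", "numeric", 1),
    SettingRow("shipped_php_setting", "php\n// constructed: core php-type row", 1),
    SettingRow("custom_choice", "select\na=Option A\nb=Option B", 0),
    SettingRow("added_php_setting", "php\n// constructed: would be evaluated", 0),
]

if __name__ == "__main__":
    print("review:", audit_settings(SAMPLE_ROWS))  # review: ['added_php_setting']
```

Default rows of type php are excluded from the listing only because the advisory reserves that type for internal use; a plugin-added php row is still reported so an administrator can confirm which plugin owns it.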

MyBB 1.8.30

09 March 2022

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.17 MB


sha512: 514e0cfc5962a6b748c31095bd1614cb03cb0e20051a9daf083273124150dea265708fa148e5ef99d4becf7a705d75497ae04a549660cd86640268176f41919f
sha256: 9ef240c451b4c324d4b9d5201e1c28a49e5bbccf7f8b6bcade115375b933bc2f
sha1: 85f6bc43a2536adab9a2ce6c4f5c04e53375979c
md5: 608cef1f9fabdde24ffbbc926e4ab518

Changed Files

Upgrade from the previous version.

.zip – 0.02 MB


sha512: 3296debf38ea18bc51441a70f8ee81996367ba0dfbe95a58de731205a8f7c258c99ce798717633719cbfea2741cf157500f13f7057986b7b8e11d256e7305623
sha256: 7fd6abef3d0bb5c0c6f7ce4e63f974bbb5b1b07ab97f04ec4a8f67ab7415b54a
sha1: 701eb5713acf073a4587aab910b1705cf429ef80
md5: 42e9757af14affc998c9aa9b6dc96cc1


Upgrading to this Version

To upgrade from the previous version: copy and overwrite files from the Changed Files package.

Upgrading from older versions may require running the install/upgrade script.

Before performing any upgrade, remember to back up your forum’s files and database and store them safely.

If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security Vulnerabilities Addressed (1)

High risk

ACP Settings management RCE [1]

CWE-94
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24734
Reported by Cillian Collins / Trend Micro Zero Day Initiative


Related news

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

MyBB Admin Control Remote Code Execution

This Metasploit module exploits an improper input validation vulnerability in MyBB versions prior to 1.8.30 to execute arbitrary code in the context of the user running the application. The MyBB Admin Control setting page calls the PHP eval function with unsanitized user input. The exploit adds a new setting, injecting the payload in the vulnerable field, and triggers its execution with a second request. Finally, it takes care of cleaning up and removes the setting. Note that authentication is required for this exploit to work and the account must have rights to add or update settings (typically, the MyBB administrator role).
