Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-24734: Version 1.8.30 - MyBB

MyBB is a free and open source forum software. In affected versions the Admin CP’s Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on on Change Settings pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the Can manage settings? permission. MyBB’s Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.

CVE
#vulnerability#git#php#rce#zero_day

MyBB 1.8.30

09 March 2022

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.17 MB

Download from MyBB.com Download from GitHub.com (mirror)

sha512:

514e0cfc5962a6b748c31095bd1614cb03cb0e20051a9daf083273124150dea265708fa148e5ef99d4becf7a705d75497ae04a549660cd86640268176f41919f

More checksums…

sha256:

9ef240c451b4c324d4b9d5201e1c28a49e5bbccf7f8b6bcade115375b933bc2f

sha1:

85f6bc43a2536adab9a2ce6c4f5c04e53375979c

md5:

608cef1f9fabdde24ffbbc926e4ab518

Changed Files

Upgrade from the previous version.

.zip – 0.02 MB

Download from MyBB.com Download from GitHub.com (mirror)

sha512:

3296debf38ea18bc51441a70f8ee81996367ba0dfbe95a58de731205a8f7c258c99ce798717633719cbfea2741cf157500f13f7057986b7b8e11d256e7305623

More checksums…

sha256:

7fd6abef3d0bb5c0c6f7ce4e63f974bbb5b1b07ab97f04ec4a8f67ab7415b54a

sha1:

701eb5713acf073a4587aab910b1705cf429ef80

md5:

42e9757af14affc998c9aa9b6dc96cc1

How to verify packages

Upgrading to this Version

To upgrade from the previous version: copy and overwrite files from the Changed Files package.

Upgrading from older versions may require running the install/ upgrade script.

Before performing any upgrade, remember to backup your forum’s files and database and store them safely.

If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security Vulnerabilities Addressed (1)

High risk

ACP Settings management RCE [1]

CWE-94 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-24734 Reported by Cillian Collins / Trend Micro Zero Day Initiative

Changed Files ()

Related news

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

MyBB Admin Control Remote Code Execution

This Metasploit module exploits an improper input validation vulnerability in MyBB versions prior to 1.8.30 to execute arbitrary code in the context of the user running the application. The MyBB Admin Control setting page calls the PHP eval function with unsanitized user input. The exploit adds a new setting, injecting the payload in the vulnerable field, and triggers its execution with a second request. Finally, it takes care of cleaning up and removes the setting. Note that authentication is required for this exploit to work and the account must have rights to add or update settings (typically, the myBB administrator role).

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907