Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv3

CVE-2023-41362

Published: 29/08/2023 Updated: 11/09/2023
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 0
Subscribe to Mybb

Vulnerability Summary

MyBB prior to 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.

Vulnerable Product Search on Vulmon Subscribe to Product

mybb mybb

Github Repositories

https://github.com/SorceryIE/CVE-2023-41362_MyBB_ACP_RCE

CVE-2023-41362 - MyBB ACP RCE Exploit for CVE-2023-41362 Blog post: blogsorceryie/posts/mybb_acp_rce

References

CWE-94https://mybb.com/versions/1.8.36/https://github.com/mybb/mybb/commit/a43a6f22944e769a6eabc58c39e7bc18c1cab4ca.patchhttps://github.com/mybb/mybb/security/advisories/GHSA-pr74-wvp3-q6f5https://blog.sorcery.ie/posts/mybb_acp_rce/https://nvd.nist.govhttps://github.com/SorceryIE/CVE-2023-41362_MyBB_ACP_RCE
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook