Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Mail settings' command parameter injection in mybb
Vulnerability Description
MyBB is a free and open source forum software. The _Mail Settings_ → Additional Parameters for PHP's mail() function mail_parameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requires Admin CP access with the `_Can manage settings?_` permission and may depend on configured file permissions. MyBB 1.8.31 resolves this issue with the commit `0cd318136a`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
MyBB 注入漏洞
Vulnerability Description
MyBB(MyBulletinBoard)是MYBB团队的开发的一套用PHP和MySQL开发的免费且基于Web的论坛软件。该软件具有简单易用、支持多国语言、可扩展等特点。 MyBB存在注入漏洞,该漏洞源于其PHP的mail()函数的mail_parameters设置值的附加参数_Mail Settings_ ?,与配置的邮件程序的选项和行为相关联,可能允许访问敏感信息和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A