Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MyBB's upgrade component vulnerable to local file inclusion
Vulnerability Description
MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion (LFI) via a specially crafted parameter value. In order to exploit the vulnerability, the installer must be unlocked (no `install/lock` file present) and the upgrade script must be accessible (by re-installing the forum via access to `install/index.php`; when the forum has not yet been installed; or the attacker is authenticated as a forum administrator). MyBB 1.8.39 resolves this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
MyBB 路径遍历漏洞
Vulnerability Description
MyBB(MyBulletinBoard)是MyBB团队的一套用PHP和MySQL开发的免费且基于Web的论坛软件。该软件具有简单易用、支持多国语言、可扩展等特点。 MyBB 1.8.39之前版本存在路径遍历漏洞,该漏洞源于升级组件未正确验证用户输入,可能导致本地文件包含。
CVSS Information
N/A
Vulnerability Type
N/A