Luc1F3R11

**Name of the Vulnerable Software and Affected Versions** MyBB version 1.8.32 **Description** MyBB version 1.8.32 contains a chained issue that allows authenticated administrators to bypass avatar upload restrictions and potentially execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration editing interface. The vulnerability involves bypassing restrictions on avatar uploads, which can lead to the execution of unauthorized code. **Recommendations** Update to a newer version that contains a fix for this vulnerability.