PT-2019-12973 · Mybb · Mybb
Robin Peraglie
+1
·
Published
2019-06-15
·
Updated
2019-06-17
·
CVE-2019-12831
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MyBB versions prior to 1.8.21
Description
The issue allows an attacker to create a PHP shell in the cache directory of a targeted forum via a crafted XML import. This is achieved by exploiting a default behavior of MySQL on many systems, where strings that are too long for a database column are truncated. For example, a string like
aaaaaaaaaaaaaaaaaaaaaa.php.css can be truncated to aaaaaaaaaaaaaaaaaaaaaa.php due to a 30-character limit, leading to remote code execution.Recommendations
For MyBB versions prior to 1.8.21, update to version 1.8.21 or later to resolve the issue.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mybb