PT-2021-20129 · Mybb · Hide-Thread-Content

0Xb9

Published

2021-01-28

Updated

2021-02-04

CVE-2021-3337

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Hide-Thread-Content plugin for MyBB versions through 2021-01-27

Description The issue allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.

Recommendations For Hide-Thread-Content plugin for MyBB versions through 2021-01-27, consider disabling the reply or quote functionality in the postbit until a patch is available. Restrict access to the postbit to minimize the risk of exploitation.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2021-3337

Affected Products

Hide-Thread-Content

PT-2021-20129 · Mybb · Hide-Thread-Content

CVE-2021-3337

Weakness Enumeration

Related Identifiers

Affected Products

References · 6