CVE-2023-41362

Name of the Vulnerable Software and Affected Versions MyBB versions prior to 1.8.36

Description The issue is related to code injection by users with certain high privileges in the MyBB software. Templates in the Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP. This can allow a remote attacker to execute arbitrary code.

Recommendations For MyBB versions prior to 1.8.36, update to version 1.8.36 or later to resolve the issue. As a temporary workaround, consider restricting access to the Admin CP templates that use eval to minimize the risk of exploitation.