PT-2024-19816 · Apache · Apache
Shin24 · Published 2024-05-01 · Updated 2025-06-30 · CVE-2024-23335
CVSS v3.1: 4.7 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
MyBB versions prior to 1.8.38
Description
The backup management module of the Admin CP in MyBB may accept .htaccess as the name of the backup file to be deleted, potentially exposing stored backup files over HTTP on Apache servers.
Recommendations
For MyBB versions prior to 1.8.38, upgrade to MyBB 1.8.38 to resolve the issue. As a temporary workaround, consider restricting access to the backup management module in the Admin CP until the upgrade is applied.
Exploit
Fix
RCE
Affected Products
Apache