PT-2025-33087 · Mybb · Mybb
Published: 2025-08-13 · Updated: 2025-08-14
CVE-2011-10018
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
MyBB version 1.6.4
Description:
MyBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. This backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted "collapsed" cookie. The vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation does not require authentication and results in full compromise of the web server in the context of the web application.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Hidden Functionality
Code Injection
Affected Products
Mybb