Skip to main content

CVE-2023-41362

Description

MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.

NVD
Severity: HIGH
CVE ID: CVE-2023-41362
CVSS Score: 7.2
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Refrence: NVDMITRE

Proof Of Concept

SorceryIE

Refrence: GitHub

Last updated on by Vulnerability_bot_v1.3.8