CNNVD-202512-3915 Information
CNNVD ID
CNNVD-202512-3915
Related CVE
- CNNVD Published: 2025-12-22
Description (Chinese)
MyBB(MyBulletinBoard)是MyBB团队的一套用PHP和MySQL开发的免费且基于Web的论坛软件。该软件具有简单易用、支持多国语言、可扩展等特点。 MyBB 1.8.32版本存在路径遍历漏洞,该漏洞源于允许经过身份验证的管理员绕过头像上传限制并执行任意代码。
Description (English)
MyBB (MyBulletinBoard) is a free Web-based forum software developed by MyBB teams using PHP and MySQL. The software is simple, easy to use, multi-country language support, and scalable. Version 1.8.32 of the MyBB 1.8.32 contains a loophole in the path, which stems from allowing an identity-certified administrator to bypass the header upload restrictions and enforce any code.
Hazard Level
Medium
Vulnerability Type
路径遍历
Affected Vendor
MyBB
Published
2025-12-22
Last Modified
2026-02-24
References
https://fdlucifer.github.io/2023/01/17/mybb1-8-32-LFI-RCE/ https://mybb.com/ https://www.exploit-db.com/exploits/51213 https://www.vulncheck.com/advisories/mybb-authenticated-remote-code-execution-via-chained-vulnerabilities