MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution.
References
Link | Resource |
---|---|
https://github.com/mybb/mybb/security/advisories/GHSA-cpfv-6f8w-759r | Patch Release Notes Third Party Advisory |
Configurations
History
10 Jan 2023, 03:23
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
CPE | cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://github.com/mybb/mybb/security/advisories/GHSA-cpfv-6f8w-759r - Patch, Release Notes, Third Party Advisory | |
First Time |
Mybb mybb
Mybb |
|
CWE | CWE-22 |
03 Jan 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-03 20:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-45867
Mitre link : CVE-2022-45867
CVE.ORG link : CVE-2022-45867
JSON object : View
Products Affected
mybb
- mybb
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')