Home > Vulnerability Database > CVE-2023-41362

Mend.io Vulnerability Database

CVE-2023-41362

Good to know:

Date: August 28, 2023

MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.

Language: PHP

Severity Score

7.2

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-41362

Url: https://github.com/mybb/mybb/security/advisories/GHSA-pr74-wvp3-q6f5

Url: https://github.com/mybb/mybb/commit/a43a6f22944e769a6eabc58c39e7bc18c1cab4ca.patch

Url: https://blog.sorcery.ie/posts/mybb_acp_rce/

Url: https://mybb.com/versions/1.8.36/

Url: https://www.mend.io/vulnerability-database/CVE-2023-41362

Severity Score

7.2

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Top Fix

Upgrade Version

Upgrade to version olada/mybbintegrator - no_fix;aa6my/mybbintegrator - no_fix

Learn More

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-41362

Good to know:

Date: August 28, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?