Summary
MyBB's unset_globals() function can be bypassed under special conditions, making remote code execution possible.
Impact
Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application.
Solution
Updates are available.
Affected
MyBB <= 1.8.2
Detection
Send a large, specially crafted HTTP GET request and check the response.
References
Updated on 2015-03-25
Severity
Classification
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P