Description

The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.

Remediation

References

CVE-2017-16780

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-7830)

WordPress Plugin Virim PHP Object Injection (0.4)

WordPress Plugin Events by Devllo Cross-Site Scripting (1.0.4.2)

WordPress Plugin WP Maintenance Mode & Site Under Construction Cross-Site Request Forgery (1.8.2)

WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Security Bypass (4.16)

Severity

Critical

Classification

CVE-2017-16780 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities