Description

The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.

Remediation

References

CVE-2017-16780

Related Vulnerabilities

RubyGems Cryptographic Issues Vulnerability (CVE-2013-4287)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9457)

WordPress Plugin WP Web Scraper Unspecified Vulnerability (2.4)

WordPress Plugin WP-FB-AutoConnect Multiple Cross-Site Request Forgery Vulnerabilities (4.0.5)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4589)

Severity

Critical

Classification

CVE-2017-16780 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities