Description

Installer RCE on settings file write in MyBB before 1.8.22.

Remediation

References

CVE-2020-22612

Related Vulnerabilities

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Request Forgery (5.1.0)

MediaWiki Improper Authentication Vulnerability (CVE-2021-36128)

phpMyAdmin Improper Input Validation Vulnerability (CVE-2006-6943)

WordPress Plugin OnePress Social Locker Multiple Unspecified Vulnerabilities (4.2.5)

WordPress Plugin FireStats Multiple Cross-Site Scripting and Authentication Bypass Vulnerabilities (1.0.2)

Severity

Critical

Classification

CVE-2020-22612 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities