Description

MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution.

Remediation

References

CVE-2022-45867

Related Vulnerabilities

WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)

WordPress Plugin Salon Booking System Cross-Site Scripting (6.3)

Drupal Core 9.1.x Directory Traversal (9.1.0 - 9.1.10)

XWiki Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2023-29511)

YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4208)

Severity

High

Classification

CVE-2022-45867 CWE-22 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities