Description

MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution.

Remediation

References

CVE-2022-45867

Related Vulnerabilities

Oracle JRE CVE-2013-5825 Vulnerability (CVE-2013-5825)

WordPress Plugin Ibtana-Ecommerce Product Addons Cross-Site Scripting (0.2.3)

Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-7943)

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1810)

WebLogic CVE-2023-21964 Vulnerability (CVE-2023-21964)

Severity

High

Classification

CVE-2022-45867 CWE-22 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities