CVE-2021-27947

7.2 HIGH

📋 TL;DR

This SQL injection vulnerability in MyBB allows attackers to execute arbitrary SQL commands through the Copy Forum feature in Forum Management. It affects MyBB installations before version 1.8.26 where administrative access is available. Successful exploitation could lead to data theft, modification, or deletion.

💻 Affected Systems

Products:
  • MyBB
Versions: All versions before 1.8.26
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative access to the Forum Management interface.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including user credential theft, privilege escalation, and potential remote code execution through database functions.

🟠 Likely Case

Data exfiltration of sensitive forum information, user data theft, and potential administrative account takeover.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: MEDIUM - Requires administrative access but internet-facing admin panels increase exposure.
🏢 Internal Only: LOW - Requires authenticated administrative access, reducing exposure to trusted users.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrative privileges but SQL injection payloads are well-documented and easy to craft.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8.26

Vendor Advisory: https://github.com/mybb/mybb/security/advisories/GHSA-jjx8-8mcp-7h65

Restart Required: No

Instructions:

1. Backup your database and files.
2. Download MyBB 1.8.26 or later.
3. Replace affected files with patched versions.
4. Verify functionality.

🔧 Temporary Workarounds

Disable Copy Forum Feature

Applies to: all

Temporarily disable the Copy Forum functionality in Forum Management to prevent exploitation.

Modify admin permissions to remove the 'Can Copy Forums' privilege.

Input Validation Enhancement

Applies to: all

Implement additional input validation for forum management parameters.

Add parameter validation in admin/modules/forum/management.php.

🧯 If You Can't Patch

  • Restrict administrative access to trusted IP addresses only
  • Implement web application firewall with SQL injection rules

🔍 How to Verify

Check if Vulnerable:

Check MyBB version in Admin CP > Home > Version & Update or examine inc/version.php file.

Check Version:

grep "'version'" inc/version.php

Verify Fix Applied:

Verify version is 1.8.26 or later and test Copy Forum functionality with safe inputs.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts to admin panel
  • Unexpected forum copy operations

Network Indicators:

  • SQL injection patterns in HTTP POST requests to admin/modules/forum/management.php

SIEM Query:

source="web_logs" AND uri="/admin/modules/forum/management.php" AND (method="POST") AND (payload CONTAINS "UNION" OR payload CONTAINS "SELECT" OR payload CONTAINS "INSERT")
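The SIEM query above, implemented as a small log scanner over constructed sample lines (an added example, not part of the original advisory): it flags POST requests to the management.php path whose decoded parameters contain UNION/SELECT/INSERT, and raises the severity only when a keyword appears next to a quote or comment marker, since ordinary forum titles can contain words like "Select". The simplified "METHOD URI BODY" log format and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs

# Constructed sample web-log lines in a simplified "METHOD URI BODY" format;
# none of these come from a real MyBB deployment.
SAMPLE_LOGS = [
    "POST /admin/modules/forum/management.php action=copy&title=Off-Topic&description=General+chat",
    "POST /admin/modules/forum/management.php action=copy&title=x%27+UNION+SELECT+1%2C2--&description=",
    "GET /admin/modules/forum/management.php action=copy&fid=3",
    "POST /admin/index.php action=do_login&username=admin",
    "POST /admin/modules/forum/management.php action=copy&title=Select+Committee&description=",
]

TARGET_URI = "/admin/modules/forum/management.php"
# Same keyword set as the SIEM query, matched on word boundaries so that
# "selection" inside a forum title does not fire.
KEYWORD_RE = re.compile(r"\b(UNION|SELECT|INSERT)\b", re.IGNORECASE)
# A keyword alone is noisy; a quote or SQL comment marker next to it is a
# much stronger sign that the parameter is being used to break out of a query.
INJECTION_CONTEXT_RE = re.compile(r"(['\"]|--|/\*|#)")


def parse_line(line):
    """Split a constructed log line into (method, uri, decoded form params)."""
    parts = line.split(" ", 2)
    method, uri = parts[0], parts[1]
    body = parts[2] if len(parts) > 2 else ""
    params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    return method, uri, params


def classify(line):
    """Return None (ignore), "low" or "high" for one log line."""
    method, uri, params = parse_line(line)
    if method != "POST" or uri != TARGET_URI:
        return None
    hits = [value for value in params.values() if KEYWORD_RE.search(value)]
    if not hits:
        return None
    if any(INJECTION_CONTEXT_RE.search(value) for value in hits):
        return "high"
    return "low"


def scan(lines):
    """Return (line_number, severity, line) for every line worth reviewing."""
    findings = []
    for number, line in enumerate(lines, start=1):
        severity = classify(line)
        if severity:
            findings.append((number, severity, line))
    return findings
```

Low-severity hits are expected from legitimate forum copies and should be reviewed together with the "Unexpected forum copy operations" indicator rather than alerted on alone.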
