📦 MyBB

by MyBB

⚠️ Known Vulnerabilities

CVE-2011-10018

CRITICAL CVSS 9.8 Aug 13, 2025

CVE-2011-10018 is a critical backdoor vulnerability in myBB 1.6.4 that allows unauthenticated remote attackers to execute arbitrary PHP code via manipulated cookies. This results in complete compromis...

CVE-2023-53979

HIGH CVSS 8.8 Dec 22, 2025

This vulnerability allows authenticated administrators in MyBB 1.8.32 to bypass avatar upload restrictions and execute arbitrary code through a chained attack. Attackers can modify upload paths, uploa...

CVE-2025-48940

HIGH CVSS 7.2 Jun 2, 2025

This vulnerability in MyBB forum software allows attackers to perform local file inclusion (LFI) through improper input validation in the upgrade component. Attackers can read arbitrary files from the...

CVE-2025-29457

HIGH CVSS 7.6 Apr 17, 2025

This vulnerability in MyBB 1.8.38 allows remote attackers to obtain sensitive information through the Import a Theme function, potentially via Server-Side Request Forgery (SSRF). The vulnerability aff...

CVE-2025-29459

HIGH CVSS 7.6 Apr 17, 2025

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in MyBB 1.8.38's Mail function that could allow attackers to access internal network resources. The vulnerability affects MyBB for...

CVE-2023-46251

HIGH CVSS 7.5 Nov 6, 2023

This DOM-based XSS vulnerability in MyBB forum software allows attackers to execute malicious JavaScript in victims' browsers by tricking them into viewing specially crafted MyCode messages in the vis...

CVE-2022-24734

HIGH CVSS 7.2 Mar 9, 2022

This vulnerability allows authenticated administrators with settings management permissions to inject PHP code into MyBB forum settings, leading to remote code execution. It affects MyBB versions befo...

CVE-2021-43281

HIGH CVSS 7.2 Nov 4, 2021

This vulnerability allows authenticated MyBB administrators with 'Can manage settings?' permission to inject and execute arbitrary PHP code through the Admin Control Panel's Settings management module...

CVE-2021-27890

HIGH CVSS 8.8 Mar 15, 2021

CVE-2021-27890 is a SQL injection vulnerability in MyBB forum software that allows attackers to execute arbitrary SQL commands via malicious theme XML files. This can lead to remote code execution by ...

CVE-2021-27947

HIGH CVSS 7.2 Mar 15, 2021

This SQL injection vulnerability in MyBB allows attackers to execute arbitrary SQL commands through the Copy Forum feature in Forum Management. It affects MyBB installations before version 1.8.26 wher...

CVE-2023-53976

MEDIUM CVSS 5.4 Dec 22, 2025

This stored XSS vulnerability in myBB Forums allows authenticated administrators to inject malicious JavaScript into template titles. When these templates are viewed, the scripts execute in users' bro...

CVE-2023-53977

MEDIUM CVSS 5.4 Dec 22, 2025

This stored XSS vulnerability in myBB Forums allows authenticated administrators to inject malicious JavaScript when creating new forums. The injected scripts execute when other users view the forum l...

CVE-2023-53978

MEDIUM CVSS 5.4 Dec 22, 2025

CVE-2023-53978 is a stored cross-site scripting vulnerability in myBB Forums that allows authenticated administrators to inject malicious JavaScript when creating forum announcements. This vulnerabili...

CVE-2024-52702

MEDIUM CVSS 5.4 Nov 20, 2024

A stored cross-site scripting (XSS) vulnerability in MyBB v1.8.38 allows attackers to inject malicious scripts into the Website Name parameter during installation. This could enable session hijacking,...

CVE-2024-23336

MEDIUM CVSS 5.0 May 1, 2024

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in MyBB forum software where the default disallowed remote hosts list doesn't include the complete 127.0.0.0/8 block, allowing att...