Detections
Analytics
MyBB 1.6.4 Backdoor PHP Remote Code Execution
high Nessus Plugin ID 56512
Language:
Synopsis
The remote web server hosts a PHP application that is affected by a remote code execution vulnerability.Description
A version of MyBB 1.6.4 with a backdoor was detected on the remote host. The MyBB source code repository was compromised, and backdoor code was added to allow arbitrary PHP execution. The backdoor is present in MyBB 1.6.4 downloaded on or before October 6, 2011. A remote, unauthenticated attacker can exploit this to execute arbitrary PHP code on the affected host, subject to the privileges under which the web server runs.Solution
Install the latest version of MyBB 1.6.4. Alternatively, apply the patch referenced in the vendor advisory.See Also
https://blog.mybb.com/2011/10/06/1-6-4-security-vulnerabilit/
http://blog.mybb.com/wp-content/uploads/2011/10/mybb_1604_patches.txt
Plugin Details
Severity: High
ID: 56512
File Name: mybb_collapse_backdoor.nasl
Version: 1.11
Type: remote
Family: CGI abuses
Published: 10/14/2011
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
CVSS Score Rationale: Score based on analysis of the vulnerability.
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.2
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: manual
Vulnerability Information
CPE: cpe:/a:mybb:mybb
Required KB Items: www/PHP, installed_sw/MyBB
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/6/2011
Vulnerability Publication Date: 10/6/2011
Exploitable With
Metasploit (myBB 1.6.4 Backdoor Arbitrary Command Execution)
Elliot (MyBB 1.6.4 RCE)
Reference Information
BID: 49993
SECUNIA: 46300