MyBB < 1.8.6 Arbitrary Code Execution
Critical Nessus Network Monitor Plugin ID 9946
Synopsis
The remote web server is running a PHP application that is vulnerable to arbitrary code execution.
Description
Versions of MyBB (MyBulletinBoard) prior to 1.8.6 are affected by a flaw in the '__wakeup()' method that is triggered when deserializing specially crafted GMP objects. This may allow a remote attacker to execute arbitrary code.
Solution
Upgrade to MyBB version 1.8.6 or later.