Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MyBB < 1.8.4 Multiple Vulnerabilities

High

Synopsis

The remote web server is running a PHP application that is vulnerable to multiple attack vectors.

Description

Versions of MyBB (MyBulletinBoard) prior to 1.8.4 are affected by the following vulnerabilities :

- A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the 'member.php' script does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 118516) - A flaw exists that allows a XSS attack. This flaw exists because the MyCode editor does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 118517) - A flaw exists related to ACP login as HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF / XSRF) attack causing the victim to have an unspecified impact, though it is presumably related to the ACP login funtionality. (OSVDB 118519) - A flaw exists that is triggered as group join request notifications are sent to the wrong group leaders. This may allow a remote attacker to gain access to potentially sensitive information. (OSVDB 118520) - A flaw exists in the cache handler that is triggered as 'var_export' is used without encoding checks. This may allow an attacker to have an unspecified impact. (OSVDB 118521) - A flaw exists in the JSON library that may allow a remote attacker to disclose the software's installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. (OSVDB 118522) - Multiple flaws exist that allow stored XSS attacks in the following scripts : /admin/modules/config/mycode.php (OSVDB 118909) /admin/modules/user/groups.php (OSVDB 118911) /admin/modules/style/templates.php (OSVDB 118912) /admin/modules/tools/tasks.php (OSVDB 118913) /admin/modules/config/post_icons.php (OSVDB 118914) /admin/modules/config/banning.php (OSVDB 118916) /admin/modules/user/users.php (OSVDB 138135) These flaws exist because the input is not validated for various fields when creating and editing users before returning it to users. This may allow an authenticated, remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Solution

Upgrade to MyBB version 1.8.4 or higher.