Page 8 of 126 results (0.002 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15. MyBB Group MyBB contiene una vulnerabilidad de inclusión de archivos en el panel de administrador (Tools and Maintenance -> Task Manager -> Add New Task) que puede resultar en que se permita la inclusión de archivos locales en versiones modernas de PHP y la inclusión de archivos remota en versiones antiguas de PHP. Para explotar este ataque, el atacante debe tener acceso al panel de administración. • http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks. MyBB 1.8.15, cuando se accede a él mediante Microsoft Edge, gestiona de manera incorrecta 'target="_blank" rel="noopener"' en elementos A, lo que facilita que atacantes remotos lleven a cabo ataques de redirección. • https://github.com/hbranco/CVE-2018-10678 http://www.securityfocus.com/bid/104187 https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1

MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts. MyBB 1.8.14 no comprueba un token CSRF válido, lo que conduce al borrado arbitrario de cuentas de usuario. • https://websecnerd.blogspot.in/2018/02/mybb-forum-1_21.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. MyBB 1.8.14 tiene XSS mediante los campos Title o Description en la pantalla Edit Forum. • https://websecnerd.blogspot.com/2018/02/mybb-forum-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

The installer in MyBB before 1.8.13 has XSS. El instalador en MyBB en versiones anteriores a la 1.8.13 tiene Cross-Site Scripting (XSS). • https://www.exploit-db.com/exploits/43137 https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •