First published: Fri Nov 10 2017(Updated: )
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mybb Mybb | <=1.8.12 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-16780 is a vulnerability in the installer of MyBB before version 1.8.13 that allows remote attackers to execute arbitrary code by writing to the configuration file.
CVE-2017-16780 has a severity rating of 9.8, which is considered critical.
To fix CVE-2017-16780, you should update MyBB to version 1.8.13 or later.
You can find more information about CVE-2017-16780 on the MyBB blog at [link1] and on Exploit Database at [link2].
CWE-352 is a Common Weakness Enumeration category that refers to cross-site scripting (XSS) vulnerabilities.