First published: Tue Aug 29 2023
MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.
Credit: cve@mitre.org
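The PHP sketch below is an added example, not MyBB's code and not part of the advisory. It shows one way type juggling can defeat a PCRE-based deny check: `preg_match()` returns `1`, `0` or `false`, and a truthiness test treats `false` (engine error) the same as `0` (no match). The pattern, function names and sample inputs are hypothetical, and the assumption that this is the class of mistake the description refers to is the example's own.

```php
<?php
// Added illustration; names, pattern and inputs are hypothetical, not taken from MyBB.
ini_set('pcre.jit', '0');                   // interpreter path, so the limit below applies
ini_set('pcre.backtrack_limit', '1000000'); // PHP's default, set explicitly for repeatability

// Stand-in deny pattern that is prone to heavy backtracking on non-matching input.
const DENY = '/(?:\D+|<\d+>)*[!?]/';

// Weak form: "if (preg_match(...))" juggles the result to bool,
// so an engine error (false) falls through to "allowed".
function is_allowed_weak(string $input): bool
{
    if (preg_match(DENY, $input)) {
        return false; // deny pattern matched
    }
    return true;      // reached for 0 (no match) and for false (error)
}

// Hardened form: allow only when the engine positively reports "no match".
function is_allowed_strict(string $input): bool
{
    $result = preg_match(DENY, $input);
    if ($result === false) {
        // Fail closed and record why; preg_last_error() returns a PREG_* code.
        error_log('deny check could not run, PCRE error code ' . preg_last_error());
        return false;
    }
    return $result === 0;
}

// Constructed inputs: clean text, text the deny pattern matches,
// and text intended to exhaust the backtrack limit before a verdict is reached.
$samples = [
    'clean'        => 'foobar',
    'denied'       => 'foobar!',
    'engine error' => str_repeat('foobar ', 5),
];

foreach ($samples as $label => $input) {
    printf(
        "%-12s weak=%s strict=%s\n",
        $label,
        var_export(is_allowed_weak($input), true),
        var_export(is_allowed_strict($input), true)
    );
}
```

Any validator that gates input to `eval` should compare the `preg_match()` result with `===` and treat every outcome other than an explicit pass as a rejection.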
Affected Software | Affected Version | How to fix |
---|---|---|
Mybb Mybb | <1.8.36 | |
CVE-2023-41362 is a vulnerability in MyBB before version 1.8.36 that allows code injection by users with certain high privileges.
CVE-2023-41362 has a severity keyword of 'high' and a severity value of 7.2.
The MyBB software before version 1.8.36 is affected by CVE-2023-41362.
To fix CVE-2023-41362, you should update MyBB to version 1.8.36 or newer.
CWE-94 is the weakness class for code injection (Improper Control of Generation of Code).