CVE-2024-23335: Backups directory .htaccess deletion in. MyBB
First published: Wed May 01 2024(Updated: )
MyBB is a free and open source forum software. The backup management module of the Admin CP may accept `.htaccess` as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MyBB | <1.8.38 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-23335?
CVE-2024-23335 has been classified as a moderate severity vulnerability due to the potential exposure of sensitive backup files.
How do I fix CVE-2024-23335?
To fix CVE-2024-23335, upgrade MyBB to version 1.8.38 or later.
What is the risk associated with CVE-2024-23335?
The risk associated with CVE-2024-23335 includes unauthorized access to stored backup files if they are exposed over HTTP.
Which versions of MyBB are affected by CVE-2024-23335?
MyBB versions prior to 1.8.38 are affected by CVE-2024-23335.
Where can I find more information about CVE-2024-23335?
For more information about CVE-2024-23335, refer to MyBB's official security advisories.
- agent/title
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mybb
- canonical/mybb