Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
MyBB Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2023-53979 - Vulnerability Database
MyBB

MyBB Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2023-53979

High
Reference: CVE-2023-53979
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-53979
Title: MyBB Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings upload a malicious PHP-embedded image file and execute commands through the language configuration editing interface.