MyBB Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2021-43281 - Vulnerability Database

High
Reference: CVE-2021-43281
Title: MyBB Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type "php" with PHP code, executed on Change Settings pages.