Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2023-41362

MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.

  • Published: Aug 29, 2023
  • Updated: Sep 1, 2023
  • CVE: CVE-2023-41362
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.2
  • AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
mybb / mybb - 1.8.36