MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-08-29T00:00:00
Updated: 2024-08-02T19:01:35.079Z
Reserved: 2023-08-29T00:00:00
Link: CVE-2023-41362
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-08-29T16:15:09.237
Modified: 2023-09-11T15:16:03.410
Link: CVE-2023-41362
Redhat
No data.