Remote Code Execution Risk in MyBB Forum Software by MyBB Group
CVE-2017-7566

7.7HIGH

Key Information:

Vendor

Mybb

Status
Mybb
Vendor
CVE Published:
6 April 2017

What is CVE-2017-7566?

The vulnerability permits remote attackers to bypass the Server-Side Request Forgery (SSRF) protection mechanism present in MyBB forum software versions prior to 1.8.11. This flaw could lead to unauthorized access and interactions with internal services, potentially exposing sensitive data or facilitating further attacks within the network.

References

http://www.securityfocus.com/bid/97480
vdb-entryx_refsource_BID
https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...
x_refsource_MISC
https://github.com/mybb/mybb/commit/f5de8fc2aad11e0d2583f...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.