File Inclusion Vulnerability in MyBB Admin Panel by MyBB Group
CVE-2018-1000502
7.2HIGH
What is CVE-2018-1000502?
The MyBB Group's MyBB application is affected by a vulnerability that allows for Local File Inclusion (LFI) in its Admin panel, specifically within the Tools and Maintenance section under Task Manager when adding a new task. If exploited, this vulnerability could potentially permit unauthorized access to local files on the server, and in older PHP versions, could lead to Remote File Inclusion (RFI). Successful exploitation would necessitate that an attacker has admin panel access. The issue has been addressed and fixed in version 1.8.15.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved