FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mybb -- multible vulnerabilities

Affected packages
mybb < 1.8.22


VuXML ID 198a120d-c22d-11ea-9172-4c72b94353b5
Discovery 2019-12-30
Entry 2020-07-09

mybb Team reports:

High risk: Installer RCE on settings file write

Medium risk: Arbitrary upload paths and Local File Inclusion RCE

Medium risk: XSS via insufficient HTML sanitization of Blog feed and Extend data

Low risk: Open redirect on login

Low risk: SCEditor reflected XSS