A pair of critical vulnerabilities in the popular bulletin board software MyBB could have been chained together to achieve remote code execution (RCE) without the need for prior access to a privileged account.
The flaws, which were discovered by independent security researchers Simon Scannell and Carl Smith, were reported to the MyBB Team on February 22, following which it released an update (version 1.8.26) on March 10 addressing the issues.
MyBB, formerly MyBBoard and originally MyBulletinBoard, is free and open-source forum software developed using PHP and MySQL.
According to the researchers, the first issue — a nested auto URL persistent XSS vulnerability (CVE-2021-27889) — stems from how MyBB parses messages containing URLs during the rendering process, thus enabling any unprivileged forum user to embed stored XSS payloads into threads, posts, and even private messages.
“The vulnerability can be exploited with minimal user interaction by saving a maliciously crafted MyCode message on the server (e.g. as a post or Private Message) and pointing a victim to a page where the content is parsed,” MyBB said in an advisory.
The second vulnerability concerns an SQL injection (CVE-2021-27890) in a forum’s theme manager that could result in an authenticated RCE. Successful exploitation occurs when a forum administrator with the “Can manage themes?” permission imports a maliciously crafted theme, or when a user for whom the theme has been set visits a forum page.
“A sophisticated attacker could develop an exploit for the Stored XSS vulnerability and then send a private message to a targeted administrator of a MyBB board,” the researchers outlined in a technical write-up. “As soon as the administrator opens the private message, on his own trusted forum, the exploit triggers. An RCE vulnerability is automatically exploited in the background and leads to a full takeover of the targeted MyBB forum.”
Besides the two aforementioned vulnerabilities, version 1.8.26 also resolves four other security shortcomings that were discovered by the MyBB Team, including:
- CVE-2021-27946 – Improper validation of the number of votes in thread poll options, leading to SQL injection
- CVE-2021-27947 – Improper sanitization of certain forum information, leading to SQL injection when used in subsequent queries
- CVE-2021-27948 – Additional User Groups ID numbers can be saved without proper validation in the Admin Control Panel, resulting in SQL injection, and
- CVE-2021-27949 – A reflected XSS vulnerability in custom Moderator Tools, when user input attached to CSRF token-protected POST requests is not properly sanitized
MyBB users are advised to upgrade to the latest version to mitigate the risk associated with the flaws.