CVE-2021-27889
Published 2021-03-15
CVE-2021-27889: Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.
Priority: P338, medium
CVSS 3.1: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
EXPLOIT
EPSS: 5.07% (91.3th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mybb | mybb | < 1.8.26 | 1.8.26 |
CVSS provenance
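| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |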
No advisories linked to this vulnerability.
No detection rules found.
Exploit-DB
MyBB 1.8.25 - Poll Vote Count SQL Injection
exploitdb·2021-03-23·CVSS 6.1
CVE-2021-27946 [MEDIUM] MyBB 1.8.25 - Poll Vote Count SQL Injection
---
# Exploit Title: MyBB 1.8.25 - Poll Vote Count SQL Injection
# Exploit Author: SivertPL ([email protected])
# Date: 20.03.2021
# Description: Lack of sanitization in the "votes[]" parameter in "Edit Poll" causes a second-order semi-blind SQL Injection that is triggered when performing a "Move/Copy" operation on the thread.
# Software Link: https://resources.mybb.com/downloads/mybb_1825.zip
# CVE: CVE-2021-27946
References:
1) https://portswigger.net/daily-swig/chained-vulnerabilities-used-to-take-control-of-mybb-forums
2) https://vuldb.com/?id.171307
3) https://github.com/mybb/mybb/commit/aa415f08bce01f95a8319b707bb18eb67833f4c1.patch
In order to trigger the vulnerability, you must have permission to edit polls.
Moderators and admin
Exploit-DB
MyBB 1.8.25 - Chained Remote Command Execution
exploitdb·2021-03-22·CVSS 6.1
CVE-2021-27890 [MEDIUM] MyBB 1.8.25 - Chained Remote Command Execution
---
# Exploit Title: MyBB 1.8.25 - Chained Remote Command Execution
# Exploit Author: SivertPL ([email protected])
# Date: 19.03.2021
# Description: Nested autourl Stored XSS -> templateset second order SQL Injection leading to RCE through improper string interpolation in eval().
# Software Link: https://resources.mybb.com/downloads/mybb_1825.zip
# CVE: CVE-2021-27889, CVE-2021-27890
# Reference: https://portswigger.net/daily-swig/chained-vulnerabilities-used-to-take-control-of-mybb-forums
# The exploit requires the target administrator to have a valid ACP session.
# Proof of Concept Video: https://www.youtube.com/watch?v=xU1Y9_bgoFQ
# Guide:
1) In order to escape various checks, the XSS has to download this .js file from an external
No writeups or analysis indexed.
http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html
https://blog.sonarsource.com/mybb-remote-code-execution-chain
https://github.com/mybb/mybb/security/advisories/GHSA-xhj7-3349-mqcm