CVE-2018-1000502 — HIGH (7.2)

Vulnerability Description

MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15.

CVSS Score

7.2

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mybb	Mybb	< 1.8.15

Related Weaknesses (CWE)

CWE-829

References

http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.htmlThird Party Advisory
https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-releaVendor Advisory
http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.htmlThird Party Advisory
https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-releaVendor Advisory

FAQ

What is CVE-2018-1000502?

CVE-2018-1000502 is a vulnerability with a CVSS score of 7.2 (HIGH). MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and...

How severe is CVE-2018-1000502?

CVE-2018-1000502 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1000502?

Check the references section above for vendor advisories and patch information. Affected products include: Mybb Mybb.