CVE-2022-24734 — HIGH (7.2)

Q: How severe is CVE-2022-24734?

CVE-2022-24734 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-24734?

Check the references section above for vendor advisories and patch information. Affected products include: Mybb Mybb.

Vulnerability Description

MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mybb	Mybb	>= 1.2.0, < 1.8.30

Related Weaknesses (CWE)

CWE-94

References

http://packetstormsecurity.com/files/167082/MyBB-1.8.29-Remote-Code-Execution.htExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/167333/MyBB-Admin-Control-Remote-Code-ExecuExploitThird Party Advisory
https://github.com/mybb/mybb/commit/92012b9831b330714b9f9b4646a98784113489c1PatchThird Party Advisory
https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57fPatchThird Party Advisory
https://mybb.com/versions/1.8.30/Release NotesVendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-503/Third Party AdvisoryVDB EntryVendor Advisory
http://packetstormsecurity.com/files/167082/MyBB-1.8.29-Remote-Code-Execution.htExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/167333/MyBB-Admin-Control-Remote-Code-ExecuExploitThird Party Advisory
https://github.com/mybb/mybb/commit/92012b9831b330714b9f9b4646a98784113489c1PatchThird Party Advisory
https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57fPatchThird Party Advisory
https://mybb.com/versions/1.8.30/Release NotesVendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-503/Third Party AdvisoryVDB EntryVendor Advisory

FAQ

What is CVE-2022-24734?

CVE-2022-24734 is a vulnerability with a CVSS score of 7.2 (HIGH). MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to a...

How severe is CVE-2022-24734?

CVE-2022-24734 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-24734?

Check the references section above for vendor advisories and patch information. Affected products include: Mybb Mybb.