A pair of critical vulnerabilities in the popular bulletin board software MyBB could have been chained together to achieve remote code execution (RCE) without the need for prior access to a privileged account.
The flaws, which were discovered by independent security researchers Simon Scannell and Carl Smith, were reported to the MyBB Team on February 22, after which it released an update (version 1.8.26) on March 10 addressing the issues.
MyBB, formerly MyBBoard and originally MyBulletinBoard, is free and open-source forum software written in PHP and backed by MySQL.
According to the researchers, the first issue — a nested auto URL persistent XSS vulnerability (CVE-2021-27889) — stems from how MyBB parses messages containing URLs during the rendering process, thereby allowing any unprivileged forum user to embed stored XSS payloads into threads, posts, and even private messages.
"The vulnerability can be exploited with minimal user interaction by saving a maliciously crafted MyCode message on the server (e.g. as a post or Private Message) and pointing a victim to a page where the content is parsed," MyBB said in an advisory.
The second vulnerability concerns an SQL injection (CVE-2021-27890) in a forum's theme manager that could result in an authenticated RCE. Successful exploitation occurs when a forum administrator with the "Can manage themes?" permission imports a maliciously crafted theme, or a user, for whom the theme has been set, visits a forum page.
"A sophisticated attacker could develop an exploit for the Stored XSS vulnerability and then send a private message to a targeted administrator of a MyBB board," the researchers noted in a technical write-up. "As soon as the administrator opens the private message, on his own trusted forum, the exploit triggers. An RCE vulnerability is immediately exploited in the background and leads to a full takeover of the targeted MyBB forum."
Besides the two aforementioned vulnerabilities, version 1.8.26 also resolves four other security shortcomings that were identified by the MyBB Team, including:
- CVE-2021-27946 – Incorrect validation of the number of votes in thread poll options, leading to SQL injection
- CVE-2021-27947 – Improper sanitization of certain forum data, causing SQL injection when used in subsequent queries
- CVE-2021-27948 – Additional User Groups ID numbers can be saved without proper validation in the Admin Control Panel, resulting in SQL injection, and
- CVE-2021-27949 – A reflected XSS vulnerability in custom Moderator Tools, when user input related to CSRF token-protected POST requests is not properly sanitized
MyBB users are recommended to upgrade to the latest version to mitigate the risk associated with the flaws.
Some parts of this article are sourced from:
thehackernews.com