Impact
Certain forum data fetched from the database within the Admin Control Panel's Copy Forum feature in Forum Management is not sanitized properly when used in subsequent queries, leading to an SQL injection vulnerability.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Patches
MyBB 1.8.26 resolves this issue with the following changes:
References
For more information
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
Contact
The security team can be reached at security@mybb.com.
Impact
Certain forum data fetched from the database within the Admin Control Panel's Copy Forum feature in Forum Management is not sanitized properly when used in subsequent queries, leading to an SQL injection vulnerability.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Patches
MyBB 1.8.26 resolves this issue with the following changes:
.patch: https://github.com/mybb/mybb/commit/96dd1b3d955eb8043c9c22b36dcb5ff8d65e8e24.patchReferences
For more information
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
Contact
The security team can be reached at security@mybb.com.