
Theme properties SQL injection

Moderate
dvz published GHSA-r34m-ccm8-mfhq Mar 10, 2021

Package

MyBB

Affected versions

< 1.8.26

Patched versions

1.8.26

Description

Impact

Certain theme properties included in theme XML files are not escaped properly when included in SQL queries, leading to an SQL injection vulnerability.

The vulnerability may be exploited when:

  1. a forum administrator with the Can manage themes? permission imports a maliciously crafted theme, and then
  2. either:
    • a forum administrator uses the Export Theme or Duplicate Theme features in the Admin Control Panel, or
    • a user, for whom the theme has been set, visits a forum page.
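The following is an added example, not MyBB's code and not the patch shipped in 1.8.26, illustrating the class of defect the advisory describes: values read from an imported theme XML file reach an SQL statement without being escaped or parameterised. The theme XML, the table layout and the function names (`insertThemeUnsafe`, `insertThemeSafe`) are constructed for the example; the real MyBB theme schema and database layer are richer. It uses PHP's PDO with an in-memory SQLite database so it runs offline.

```php
<?php
// Added example: a simplified theme importer. The XML below is constructed;
// it is not a real MyBB theme. The apostrophe in "O'Reilly Blue" is ordinary
// data that a correct importer must store verbatim.
$themeXml = <<<XML
<?xml version="1.0" encoding="UTF-8"?>
<theme name="Example Theme" version="1800">
  <properties>
    <templateset>1</templateset>
    <editortheme>O'Reilly Blue</editortheme>
  </properties>
</theme>
XML;

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE themes (tid INTEGER PRIMARY KEY, name TEXT, properties TEXT)");

// Parse the untrusted XML into a name and a property map (hypothetical layout).
$xml = new SimpleXMLElement($themeXml);
$name = (string) $xml['name'];
$properties = [];
foreach ($xml->properties->children() as $property) {
    $properties[$property->getName()] = (string) $property;
}
// Store all properties in one text column, as a simplification.
$serialized = serialize($properties);

// Vulnerable pattern: attacker-controlled strings from the XML are spliced
// straight into the SQL text. The quote inside the data ends the string
// literal early, so the statement fails; attacker-chosen content could
// instead change what the query does. Returns whether the INSERT succeeded.
function insertThemeUnsafe(PDO $pdo, string $name, string $serialized): bool
{
    $sql = "INSERT INTO themes (name, properties) VALUES ('{$name}', '{$serialized}')";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false;
    }
}

// Hardened pattern: a parameterised statement keeps the data out of the SQL
// grammar entirely, so quotes in theme properties are just characters.
// Returns the new row id.
function insertThemeSafe(PDO $pdo, string $name, string $serialized): int
{
    $stmt = $pdo->prepare("INSERT INTO themes (name, properties) VALUES (:name, :properties)");
    $stmt->execute([':name' => $name, ':properties' => $serialized]);
    return (int) $pdo->lastInsertId();
}

// Read a stored theme back with the same discipline (bound parameter).
function loadThemeProperties(PDO $pdo, int $tid): array
{
    $stmt = $pdo->prepare("SELECT properties FROM themes WHERE tid = :tid");
    $stmt->execute([':tid' => $tid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? unserialize($row['properties']) : [];
}

$unsafeSucceeded = insertThemeUnsafe($pdo, $name, $serialized);
$tid = insertThemeSafe($pdo, $name, $serialized);
$roundTrip = loadThemeProperties($pdo, $tid) === $properties;

echo "unsafe insert succeeded: " . var_export($unsafeSucceeded, true) . PHP_EOL;
echo "safe insert stored properties verbatim: " . var_export($roundTrip, true) . PHP_EOL;
```

The same principle applies whichever database abstraction a project uses: every value originating in the theme file (properties, names, template contents) must be passed through bound parameters or the layer's escaping routine on every path that writes it, including the export and duplicate paths the advisory lists, not only the initial import. When reviewing an importer, the quick check is to feed it a theme whose properties contain quotes and backslashes and confirm that the stored values come back unchanged and that no query errors appear in the logs.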

The impact may be reduced when:

  • no themes from untrusted sources are imported,
  • the Admin CP's Can manage themes? permission is limited to trusted administrators.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Patches

MyBB 1.8.26 resolves this issue with the following changes:

References

For more information

Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.

Contact

The security team can be reached at security@mybb.com.

Severity

Moderate

CVE ID

CVE-2021-27890

Weaknesses