CVE-2011-10018
CVE-2011-10018 is a critical-severity vulnerability rated 10/10 on the CVSS scale. myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. EPSS estimates a 1.86% chance of exploitation in the next 30 days.
Description
myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mybb | Mybb | 1.6.4 |
References
- https://web.archive.org/web/20111015224948/http://secunia.com/advisories/46300/ (Third Party Advisory)
- https://www.vulncheck.com/advisories/mybb-backdoor-arbitrary-command-execution (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Analyzed
Source: NVD / NIST
