CVE-2018-1000502
Last modified
CVE-2018-1000502 is a vulnerability of currently unknown severity. MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have access to admin panel. EPSS estimates a 1.28% chance of exploitation in the next 30 days.
Description
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mybb | Mybb | < 1.8.15 |
References
- http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.htmlThird Party Advisory
- http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000502?
How severe is CVE-2018-1000502?
How do I fix CVE-2018-1000502?
Are you affected by CVE-2018-1000502?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST