CVE-2024-23335

2024-05-0107:15:38

CWE-20

[email protected]

web.nvd.nist.gov

mybb

forum software

security vulnerability

upgrade advised

.htaccess

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability

Affected configurations

Vulners

Node

mybbmybbRange<1.8.38

VendorProductVersionCPE
mybbmybb*cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mybb	mybb	*	cpe:2.3:a:mybb:mybb::::::::

CNA Affected

[
  {
    "vendor": "mybb",
    "product": "mybb",
    "versions": [
      {
        "version": "< 1.8.38",
        "status": "affected"
      }
    ]
  }
]