cnvd - cnvd-2022-20097

cnvd-2022-20097

Vulnerability from cnvd

Title: MyBB远程代码执行漏洞（CNVD-2022-20097）

Description:

MyBB是MyBB团队的开发的一套用PHP和MySQL开发的免费且基于Web的论坛软件。该软件具有简单易用、支持多国语言、可扩展等特点。

MyBB存在远程代码执行漏洞，该漏洞源于Admin CP 的设置管理模块在插入和更新时无法正确验证设置类型，攻击者可利用该漏洞导致远程代码执行 (RCE) 漏洞。

Severity: 高

Patch Name: MyBB远程代码执行漏洞（CNVD-2022-20097）的补丁

Patch Description:

MyBB是MyBB团队的开发的一套用PHP和MySQL开发的免费且基于Web的论坛软件。该软件具有简单易用、支持多国语言、可扩展等特点。

MyBB存在远程代码执行漏洞，该漏洞源于Admin CP 的设置管理模块在插入和更新时无法正确验证设置类型，攻击者可利用该漏洞导致远程代码执行 (RCE) 漏洞。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f

Reference: https://mybb.com/versions/1.8.30/

Impacted products

Name
Mybb MyBB 1.8.30

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-24734",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-24734"
    }
  },
  "description": "MyBB\u662fMyBB\u56e2\u961f\u7684\u5f00\u53d1\u7684\u4e00\u5957\u7528PHP\u548cMySQL\u5f00\u53d1\u7684\u514d\u8d39\u4e14\u57fa\u4e8eWeb\u7684\u8bba\u575b\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5177\u6709\u7b80\u5355\u6613\u7528\u3001\u652f\u6301\u591a\u56fd\u8bed\u8a00\u3001\u53ef\u6269\u5c55\u7b49\u7279\u70b9\u3002\n\nMyBB\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eAdmin CP \u7684\u8bbe\u7f6e\u7ba1\u7406\u6a21\u5757\u5728\u63d2\u5165\u548c\u66f4\u65b0\u65f6\u65e0\u6cd5\u6b63\u786e\u9a8c\u8bc1\u8bbe\u7f6e\u7c7b\u578b\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c (RCE) \u6f0f\u6d1e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-20097",
  "openTime": "2022-03-11",
  "patchDescription": "MyBB\u662fMyBB\u56e2\u961f\u7684\u5f00\u53d1\u7684\u4e00\u5957\u7528PHP\u548cMySQL\u5f00\u53d1\u7684\u514d\u8d39\u4e14\u57fa\u4e8eWeb\u7684\u8bba\u575b\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5177\u6709\u7b80\u5355\u6613\u7528\u3001\u652f\u6301\u591a\u56fd\u8bed\u8a00\u3001\u53ef\u6269\u5c55\u7b49\u7279\u70b9\u3002\r\n\r\nMyBB\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eAdmin CP \u7684\u8bbe\u7f6e\u7ba1\u7406\u6a21\u5757\u5728\u63d2\u5165\u548c\u66f4\u65b0\u65f6\u65e0\u6cd5\u6b63\u786e\u9a8c\u8bc1\u8bbe\u7f6e\u7c7b\u578b\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c (RCE) \u6f0f\u6d1e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "MyBB\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2022-20097\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Mybb MyBB 1.8.30"
  },
  "referenceLink": "https://mybb.com/versions/1.8.30/",
  "serverity": "\u9ad8",
  "submitTime": "2022-03-11",
  "title": "MyBB\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2022-20097\uff09"
}

CVE-2022-24734 (GCVE-0-2022-24734)

Vulnerability from cvelistv5

Published

2022-03-09 21:25

Modified

2025-04-22 18:19

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Summary

MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.

References

▼	URL	Tags
	https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f	x_refsource_CONFIRM
	https://github.com/mybb/mybb/commit/92012b9831b330714b9f9b4646a98784113489c1	x_refsource_MISC
	https://mybb.com/versions/1.8.30/	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-22-503/	x_refsource_MISC
	http://packetstormsecurity.com/files/167082/MyBB-1.8.29-Remote-Code-Execution.html	x_refsource_MISC
	http://packetstormsecurity.com/files/167333/MyBB-Admin-Control-Remote-Code-Execution.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	mybb	mybb	Version: >= 1.2.0, < 1.8.30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:49.808Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mybb/mybb/commit/92012b9831b330714b9f9b4646a98784113489c1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mybb.com/versions/1.8.30/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-503/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167082/MyBB-1.8.29-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167333/MyBB-Admin-Control-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-24734",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:44:10.816237Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T18:19:20.055Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mybb",
          "vendor": "mybb",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.2.0, \u003c 1.8.30"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MyBB is a free and open source forum software. In affected versions the Admin CP\u0027s Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB\u0027s Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-31T18:06:18.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mybb/mybb/commit/92012b9831b330714b9f9b4646a98784113489c1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mybb.com/versions/1.8.30/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-503/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167082/MyBB-1.8.29-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167333/MyBB-Admin-Control-Remote-Code-Execution.html"
        }
      ],
      "source": {
        "advisory": "GHSA-876v-gwgh-w57f",
        "discovery": "UNKNOWN"
      },
      "title": "Remote code execution in mybb",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24734",
          "STATE": "PUBLIC",
          "TITLE": "Remote code execution in mybb"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mybb",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 1.2.0, \u003c 1.8.30"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mybb"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MyBB is a free and open source forum software. In affected versions the Admin CP\u0027s Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB\u0027s Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f",
              "refsource": "CONFIRM",
              "url": "https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f"
            },
            {
              "name": "https://github.com/mybb/mybb/commit/92012b9831b330714b9f9b4646a98784113489c1",
              "refsource": "MISC",
              "url": "https://github.com/mybb/mybb/commit/92012b9831b330714b9f9b4646a98784113489c1"
            },
            {
              "name": "https://mybb.com/versions/1.8.30/",
              "refsource": "MISC",
              "url": "https://mybb.com/versions/1.8.30/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-503/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-503/"
            },
            {
              "name": "http://packetstormsecurity.com/files/167082/MyBB-1.8.29-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167082/MyBB-1.8.29-Remote-Code-Execution.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/167333/MyBB-Admin-Control-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167333/MyBB-Admin-Control-Remote-Code-Execution.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-876v-gwgh-w57f",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-24734",
    "datePublished": "2022-03-09T21:25:08.000Z",
    "dateReserved": "2022-02-10T00:00:00.000Z",
    "dateUpdated": "2025-04-22T18:19:20.055Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted