Facebook Google Plus Twitter LinkedIn YouTube RSS Menú Buscar Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MyBB < 1.8.6 Arbitrary Code Execution

Critical

Synopsis

The remote web server is running a PHP application that is vulnerable to an arbitrary code execution attack vector.

Description

Versions of MyBB (MyBulletinBoard) prior to 1.8.6 are affected by a flaw in the '__wakeup()' method that is triggered when deserializing specially crafted GMP objects. This may allow a remote attacker to potentially execute arbitrary code.

Soluciones

Upgrade to MyBB version 1.8.6 or later.