A pair of critical vulnerabilities in MyBB could have been chained together to achieve remote code execution without the need for prior access to a privileged account. The flaws were discovered by independent security researchers Simon Scannell and Carl Smith. According to internet assets search engine Spyse, there are at least 2,100 potentially vulnerable domains that have MyBB installed. MyBB released an update (version 1.8.26) on March 10 addressing the issues. The software is free and open-source forum software developed using PHP and MySQL.
Source: https://thehackernews.com/2021/03/critical-rce-flaw-reported-in-mybb.html