Get a Pentest and security assessment of your IT network.

Cyber Security

MyBB Forum Patches Vulnerabilities That Allow Site Takeover

MyBB has released updates that fix vulnerabilities that could allow an attacker to take complete control over a site and potentially the server. Researchers from RIPS Technologies discovered a Stored XSS and File Write vulnerability that when chained together lead to a remote code execution vulnerability in the popular forum. An attacker merely needs a user account on a target forum to send an admin a private message containing malicious JavaScript code, which exploits the RCE vulnerability. By chaining them together they can create a PHP backdoor that gives them full access to the site.

Source: https://www.bleepingcomputer.com/news/security/mybb-forum-patches-vulnerabilities-that-allow-site-takeover/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation