CVE-2008-0382

Mybulletinboard - Code Injection


Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-0382. PoCs published by Silentz, waraxe.

AI-analyzed exploit summary: This exploit targets a command injection vulnerability in MyBB <= 1.2.10 by manipulating the 'sortby' parameter in forumdisplay.php. It constructs a malicious HTTP GET request to execute arbitrary commands on the server.

Description

Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Silentz · php · webapps · php
https://www.exploit-db.com/exploits/4927


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: MyBB <= 1.2.10
No auth needed
Prerequisites: magic_quotes_gpc needs to be off · valid forum ID
devstral-2 · analyzed Feb 16, 2026
exploitdb WORKING POC VERIFIED
by waraxe · text · webapps · php
https://www.exploit-db.com/exploits/4928

This exploit demonstrates remote code execution in MyBB 1.2.10 via unsanitized input in the 'sortby' parameter, which is passed to an eval() function in both 'forumdisplay.php' and 'search.php'. Attackers can inject arbitrary PHP code to execute system commands or read sensitive files.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: MyBB 1.2.10
No auth needed
Prerequisites: valid forum 'fid' for forumdisplay.php · valid search 'sid' for search.php
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28509
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4928
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/486434/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27322
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4927
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3559

Scores

EPSS 0.4187
EPSS Percentile 98.5%

Details

CWE: CWE-94
Status: published
Products (19)
mybulletinboard/mybulletinboard 1.0
mybulletinboard/mybulletinboard 1.0.1
mybulletinboard/mybulletinboard 1.0.2
mybulletinboard/mybulletinboard 1.0.3
mybulletinboard/mybulletinboard 1.0.4
mybulletinboard/mybulletinboard 1.0_pr2
mybulletinboard/mybulletinboard 1.1
mybulletinboard/mybulletinboard 1.1.1
mybulletinboard/mybulletinboard 1.1.2
mybulletinboard/mybulletinboard 1.1.3
... and 9 more
Published Jan 22, 2008
Tracked Since Feb 18, 2026