CVE-2018-1000502

HIGH

MyBB Group MyBB - File Inclusion

Title source: llm

Description

MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15.

References (2)

[Third Party Advisory] http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html

[Vendor Advisory] https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/

Scores

CVSS v3 7.2

EPSS 0.0065

EPSS Percentile 70.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-829

Status published

Products (1)

mybb/mybb < 1.8.15

Published Jun 26, 2018

Tracked Since Feb 18, 2026