EIP-2026-109734
PRE-CVEMyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-109734. PoCs published by Zhiyang Zeng.
AI-analyzed exploit summary The proof of concept describes a directory traversal vulnerability in MyBB versions prior to 1.8.11, where the 'pathfolder' parameter in the admin panel's smilies configuration module is not properly sanitized, allowing attackers to traverse directories. The vulnerability was fixed in version 1.8.11.
Description
MyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal
Exploits (1)
The proof of concept describes a directory traversal vulnerability in MyBB versions prior to 1.8.11, where the 'pathfolder' parameter in the admin panel's smilies configuration module is not properly sanitized, allowing attackers to traverse directories. The vulnerability was fixed in version 1.8.11.