ACP Languages local file inclusion

High
dvz published GHSA-cpfv-6f8w-759r Jan 3, 2023

Package

MyBB

Affected versions

< 1.8.33

Patched versions

1.8.33

Description

Impact

Path traversal vulnerability in the Admin CP's Languages module allows remote authenticated users to include and execute arbitrary local files (LFI).

The vulnerable module requires Admin CP access with the "Can manage language packs?" permission.

Patches

MyBB 1.8.33 resolves this issue with the following changes:

References

For more information

Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.

Contact

The security team can be reached at security@mybb.com.

Severity

High 7.2 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE ID

CVE-2022-45867

Weaknesses