CVE-2019-12831 – In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems ( …

Vuln ID: CVE-2019-12831

Published:  2019-06-15  18:29:00Z

Description: In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.

Source: NVD.NIST.GOV

 

Tags