Exploit for #VU51535 Cross-site scripting in MyBB

Cybersecurity Help s.r.o.

Published: 2021-03-24 | Updated: 2022-04-07

Vulnerability identifier: #VU51535

Vulnerability risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/U:Clear]

CVE-ID: CVE-2021-27889

CWE-ID: CWE-79

Exploitation vector: Network

Exploits in database: 4

April 7, 2022
- Mybb-XSS_SQL_RCE-POC (Mybb associate CVE-2021-27890 & CVE-2021-27889 to RCE poc) [Github]
June 17, 2021
- MyBB 1.8.25 - Poll Vote Count SQL Injection [Exploit-DB]
- MyBB 1.8.25 - Chained Remote Command Execution [Exploit-DB]
March 24, 2021
- MyBB 1.8.25 Remote Command Execution [Packet Storm]

Vulnerable software:
MyBB
Other software / Other software solutions

Vendor: MyBB Group