Exploit for #VU51535 Cross-site scripting in MyBB

Exploit for #VU51535 Cross-site scripting in MyBB

Published: 2021-03-24 | Updated: 2022-04-07

Vulnerability identifier: #VU51535

Vulnerability risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-27889

CWE-ID: CWE-79

Exploitation vector: Network

Exploits in database: 4

April 7, 2022
- Mybb-XSS_SQL_RCE-POC (Mybb associate CVE-2021-27890 & CVE-2021-27889 to RCE poc) [Github]
June 17, 2021
- MyBB 1.8.25 - Poll Vote Count SQL Injection [Exploit-DB]
- MyBB 1.8.25 - Chained Remote Command Execution [Exploit-DB]
March 24, 2021
- MyBB 1.8.25 Remote Command Execution [Packet Storm]

Impact: Information disclosure and data manipulation

Vulnerable software:
MyBB
Other software / Other software solutions

Vendor: MyBB Group