Main Vulnerability Database Vulnerabilities #VU43652

Input validation error in MyBB - CVE-2011-5133

Published: August 31, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43652

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2011-5133

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: MyBB Group

Affected software:
MyBB

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."

Install update from vendor's website.