The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.0994
Percentile: 0.9267

CVSS Scoring

Affected Products

• cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.2:*:*:*:*:*:*:*

← Back to Home