VYPR
Unrated severityNVD Advisory· Published Jun 15, 2019· Updated Aug 4, 2024

CVE-2019-12831

CVE-2019-12831

Description

In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • MyBB/MyBBdescription
  • MyBB/Mybbllm-fuzzy
    Range: <1.8.21

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.