Unrated severityNVD Advisory· Published Jun 15, 2019· Updated Aug 4, 2024
CVE-2019-12831
CVE-2019-12831
Description
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- MyBB/MyBBdescription
Patches
Vulnerability mechanics
References
2- blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/mitrex_refsource_MISC
- blog.ripstech.com/2019/mybb-stored-xss-to-rce/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.