Unrated severityNVD Advisory· Published Dec 22, 2025· Updated Mar 5, 2026
MyBB 1.8.32 Authenticated Remote Code Execution via Chained Vulnerabilities
CVE-2023-53979
Description
MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration editing interface.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.exploit-db.com/exploits/51213mitreexploit
- www.vulncheck.com/advisories/mybb-authenticated-remote-code-execution-via-chained-vulnerabilitiesmitrethird-party-advisory
- fdlucifer.github.io/2023/01/17/mybb1-8-32-LFI-RCE/mitretechnical-description
- mybb.commitreproduct
News mentions
0No linked articles in our index yet.