CVE-2024-23335

MyBB is a free and open source forum software. The backup management module of the Admin CP may accept `.htaccess` as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
GitHub_MCNA
4.7 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Common Weakness Enumeration
References
https://github.com/mybb/mybb/commit/450259e501b94c9d483efb167cb2bf875605e111.patch
https://github.com/mybb/mybb/security/advisories/GHSA-94xr-g4ww-j47r
https://mybb.com/versions/1.8.38
https://github.com/mybb/mybb/commit/450259e501b94c9d483efb167cb2bf875605e111.patch
https://github.com/mybb/mybb/security/advisories/GHSA-94xr-g4ww-j47r
https://mybb.com/versions/1.8.38