CVE-2022-39265
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-39265
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39265.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-39265
- Aliases
- Related
- Published
- 2022-10-06T18:16:12Z
- Modified
- 2025-07-29T10:40:03.554733Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
MyBB is a free and open source forum software. The Mail Settings → Additional Parameters for PHP's mail() function mail_parameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requires Admin CP access with the
_Can manage settings?_permission and may depend on configured file permissions. MyBB 1.8.31 resolves this issue with the commit0cd318136a. Users are advised to upgrade. There are no known workarounds for this vulnerability. - References
Affected packages
Git / github.com/mybb/mybb
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mybb/mybb
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
mybb_1800
mybb_1801
mybb_1804
mybb_1805
mybb_1806
mybb_1807
mybb_1808
mybb_1809
mybb_1810
mybb_1811
mybb_1812
mybb_1813
mybb_1814
mybb_1815
mybb_1815_build
mybb_1816
mybb_1816_build
mybb_1817
mybb_1817_build
mybb_1818
mybb_1818_build
mybb_1819
mybb_1819_build
mybb_1820
mybb_1820-rc
mybb_1820_build
mybb_1821
mybb_1821_build
mybb_1821pl1
mybb_1822
mybb_1822_build
mybb_1823
mybb_1823_build
mybb_1824
mybb_1825
mybb_1826
mybb_1827
mybb_1827_build
mybb_1828
mybb_1828_build
mybb_1829
mybb_1830
mybb_1831_build