{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2011-10018", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-08-13T17:52:08.905Z", "datePublished": "2025-08-13T20:35:31.755Z", "dateUpdated": "2025-08-14T14:08:01.308Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["index.php", "collapsed cookie"], "product": "Forum Software", "vendor": "myBB Group", "versions": [{"status": "affected", "version": "1.6.4"}]}], "credits": [{"lang": "en", "type": "finder", "value": "MyBB"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application."}], "value": "myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application."}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 10, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-912", "description": "CWE-912 Hidden Functionality", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-08-13T20:35:31.755Z"}, "references": [{"tags": ["exploit"], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/mybb_backdoor.rb"}, {"tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/17949"}, {"tags": ["third-party-advisory"], "url": "https://web.archive.org/web/20111015224948/http://secunia.com/advisories/46300/"}, {"tags": ["vendor-advisory", "patch"], "url": "https://blog.mybb.com/2011/10/06/1-6-4-security-vulnerabilit/"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/mybb-backdoor-arbitrary-command-execution"}], "source": {"discovery": "UNKNOWN"}, "title": "myBB 1.6.4 Backdoor Arbitrary Command Execution", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/mybb_backdoor.rb", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/17949", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-14T14:07:57.715204Z", "id": "CVE-2011-10018", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-14T14:08:01.308Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2011-10018", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-14T14:07:57.715204Z"}}}], "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/mybb_backdoor.rb", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/17949", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-14T14:07:45.471Z"}}], "cna": {"title": "myBB 1.6.4 Backdoor Arbitrary Command Execution", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "MyBB"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "myBB Group", "modules": ["index.php", "collapsed cookie"], "product": "Forum Software", "versions": [{"status": "affected", "version": "1.6.4"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/mybb_backdoor.rb", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/17949", "tags": ["exploit"]}, {"url": "https://web.archive.org/web/20111015224948/http://secunia.com/advisories/46300/", "tags": ["third-party-advisory"]}, {"url": "https://blog.mybb.com/2011/10/06/1-6-4-security-vulnerabilit/", "tags": ["vendor-advisory", "patch"]}, {"url": "https://www.vulncheck.com/advisories/mybb-backdoor-arbitrary-command-execution", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application.", "supportingMedia": [{"type": "text/html", "value": "myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-912", "description": "CWE-912 Hidden Functionality"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-08-13T20:35:31.755Z"}}}, "cveMetadata": {"cveId": "CVE-2011-10018", "state": "PUBLISHED", "dateUpdated": "2025-08-14T14:08:01.308Z", "dateReserved": "2025-08-13T17:52:08.905Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-08-13T20:35:31.755Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mybb:mybb:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "FDFE35CB-05CC-4E6F-B188-1141773E7F10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application."}, {"lang": "es", "value": "La versi\u00f3n 1.6.4 de myBB se distribuy\u00f3 con una puerta trasera no autorizada incrustada en el c\u00f3digo fuente. Esta puerta trasera permit\u00eda a atacantes remotos ejecutar c\u00f3digo PHP arbitrario inyectando payloads en una cookie colapsada especialmente manipulada. Esta vulnerabilidad se introdujo durante el empaquetado y no formaba parte de la l\u00f3gica de la aplicaci\u00f3n. Su explotaci\u00f3n no requiere autenticaci\u00f3n y compromete por completo el servidor web en el contexto de la aplicaci\u00f3n web."}], "id": "CVE-2011-10018", "lastModified": "2025-08-14T17:42:18.333", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-08-13T21:15:29.387", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://blog.mybb.com/2011/10/06/1-6-4-security-vulnerabilit/"}, {"source": "[email protected]", "tags": ["Product"], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/mybb_backdoor.rb"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://web.archive.org/web/20111015224948/http://secunia.com/advisories/46300/"}, {"source": "[email protected]", "tags": ["Exploit"], "url": "https://www.exploit-db.com/exploits/17949"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/mybb-backdoor-arbitrary-command-execution"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Product"], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/mybb_backdoor.rb"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"], "url": "https://www.exploit-db.com/exploits/17949"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-912"}], "source": "[email protected]", "type": "Secondary"}]}

{}