CVE-2011-10018
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-08-14
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mybb | mybb | 1.6.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-912 | The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2011-10018 is a critical vulnerability in MyBB version 1.6.4 where an unauthorized backdoor was embedded in the source code distributed by the vendor. This backdoor allows remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted cookie named 'collapsed'. The vulnerability was introduced during packaging and is not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server running the vulnerable MyBB installation. [1, 2, 4, 5]
How can this vulnerability impact me?
This vulnerability can lead to a full compromise of the web server hosting the MyBB forum software. Attackers can remotely execute arbitrary PHP code without any authentication or user interaction, potentially gaining unauthorized system access. This can result in loss of confidentiality, integrity, and availability of the affected system, allowing attackers to control the server, steal data, deface websites, or launch further attacks. [1, 2, 4, 5]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the MyBB installation is running version 1.6.4 with the unauthorized backdoor in the source code, particularly in the `index.php` file. One detection method is to send an HTTP GET request to the target's `/index.php` and observe the response. Additionally, using the Metasploit module for CVE-2011-10018 can help detect the vulnerability by sending a crafted request and checking for a 2xx HTTP status code response indicating potential vulnerability. A simple curl command to test the server response could be: `curl -I http://target/index.php`. For more active detection, the Metasploit module sends a GET request with a specially crafted 'collapsed' cookie to trigger the backdoor if present. [4, 5]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

1. Downloading and installing the latest clean version of MyBB to replace the compromised version 1.6.4.
2. Replacing the root folder's `index.php` file with the one from the clean download (`./Upload/index.php`).
3. Removing the `./install/` directory from the forum installation.

Alternatively, applying the official patch provided by MyBB for version 1.6.4 can remove the unauthorized backdoor code. These steps ensure removal of the backdoor and prevent exploitation. [1, 3]
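
One way to confirm that mitigation steps 2 and 3 above took effect is to compare the live web root against the extracted clean download. The script below is an added example, not code from MyBB or from this advisory; the function name `check_mybb_root`, its two directory arguments and the example paths are assumptions. It also goes one step beyond the listed steps by flagging any other shipped PHP file that differs from the clean copy.

```shell
#!/bin/sh
# Added example: confirm a MyBB web root matches a clean download.
# Hypothetical names: check_mybb_root and its two directory arguments.
#   $1 = live forum web root, $2 = extracted ./Upload/ dir of a clean download
# Returns 0 = clean, 1 = finding, 2 = cannot check.

check_mybb_root() {
    webroot=$1
    clean=$2
    result=0

    if [ ! -f "$webroot/index.php" ] || [ ! -f "$clean/index.php" ]; then
        echo "ERROR: index.php missing in web root or clean copy" >&2
        return 2
    fi

    # Step 2 on the page: index.php must be the one from the clean download.
    if cmp -s "$clean/index.php" "$webroot/index.php"; then
        echo "OK: index.php matches the clean copy"
    else
        echo "FAIL: index.php differs from the clean copy"
        result=1
    fi

    # Step 3 on the page: the install/ directory must be gone.
    if [ -d "$webroot/install" ]; then
        echo "FAIL: install/ directory is still present"
        result=1
    fi

    # Beyond the page's steps: flag any other shipped PHP file that was
    # changed, for manual review (informational, does not change the result).
    (cd "$clean" && find . -type f -name '*.php') | while IFS= read -r rel; do
        case $rel in ./index.php|./install/*) continue ;; esac
        if [ -f "$webroot/$rel" ] && ! cmp -s "$clean/$rel" "$webroot/$rel"; then
            echo "REVIEW: $rel differs from the clean copy"
        fi
    done

    return "$result"
}

# Run directly (example paths): sh check_mybb.sh /var/www/forum /tmp/mybb/Upload
if [ "$#" -eq 2 ]; then
    check_mybb_root "$1" "$2"
fi
```

The comparison is only meaningful when the clean copy is the same release as the files deployed in the web root; `REVIEW` lines for files you customised yourself are expected.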