Cyber Posture

CVE-2023-53979

Severity: High
Public PoC: Yes

Published: 22 December 2025
Modified: 27 December 2025
KEV Added:
Patch:
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0013 (32.0th percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Description

MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration editing interface.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

Prevent: Directly remediates the chained path traversal and RCE vulnerability in MyBB 1.8.32 by applying vendor patches or upgrades.

Prevent: Enforces validation of upload path inputs and file contents to block path traversal and malicious PHP-embedded image uploads.

Prevent: Restricts access to configuration change tools for upload paths and language settings, preventing authenticated admins from enabling the exploit chain.
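As an added illustration of the second control above (example code written for this page, not MyBB's own, and in Python rather than PHP for brevity), a validator that keeps an administrator-supplied upload directory inside the expected uploads root and rejects "images" that lack an image header or carry PHP open tags. The web root, uploads root and sample inputs are assumed values.

```python
import os
import re
from typing import Optional

# Assumed layout for this illustration: the forum web root and the only
# directory under which avatar uploads are allowed to land.
WEB_ROOT = "/var/www/forum"
ALLOWED_UPLOAD_ROOT = "/var/www/forum/uploads"

# Magic bytes of the image formats an avatar may legitimately use.
IMAGE_MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")

# PHP open tags (<?php, <?= and the short <? form) must never appear in an
# uploaded image, even if the file also has a valid image header.
PHP_TAG_RE = re.compile(rb"<\?(?:php\b|=|\s)", re.IGNORECASE)


def validate_upload_path(configured: str) -> Optional[str]:
    """Resolve an admin-supplied upload path against the web root.

    Returns the normalised absolute path when it stays inside
    ALLOWED_UPLOAD_ROOT, or None when '..' segments or an absolute path
    would move uploads elsewhere (e.g. into the language directory).
    On a live filesystem use os.path.realpath as well, so symlinks
    cannot bypass the check.
    """
    resolved = os.path.normpath(os.path.join(WEB_ROOT, configured))
    try:
        if os.path.commonpath([ALLOWED_UPLOAD_ROOT, resolved]) != ALLOWED_UPLOAD_ROOT:
            return None
    except ValueError:  # mixed absolute/relative or different drives
        return None
    return resolved


def image_is_clean(data: bytes) -> bool:
    """Accept only files with a real image header and no PHP open tag."""
    if not any(data.startswith(sig) for sig in IMAGE_MAGIC):
        return False
    return PHP_TAG_RE.search(data) is None


if __name__ == "__main__":
    # Constructed sample inputs.
    print(validate_upload_path("uploads/avatars"))        # inside root: accepted
    print(validate_upload_path("uploads/../inc/languages"))  # escapes root: None
    print(image_is_clean(b"\x89PNG\r\n\x1a\n" + b"\x00" * 8))  # True
    print(image_is_clean(b"\x89PNG\r\n\x1a\n<?php echo 1; ?>"))  # False
```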

Security Summary [AI-generated]

CVE-2023-53979 is a chained vulnerability affecting MyBB version 1.8.32, a popular open-source forum software. It allows authenticated administrators to bypass restrictions on avatar uploads and achieve arbitrary code execution. The exploit chain involves modifying upload path settings, uploading a malicious image file embedded with PHP code, and executing commands through the language configuration editing interface. The vulnerability is associated with CWE-22 (Path Traversal) and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.

The attack requires low privileges—an authenticated administrator account—and can be carried out remotely without user interaction. An attacker with admin access can alter upload configurations to store files outside intended directories, embed executable PHP in an image, and trigger code execution via the language editor interface. This leads to full remote code execution on the server, potentially enabling full system compromise, data theft, or further persistence.

Advisories from sources such as VulnCheck detail the chained local file inclusion and RCE issues, while the MyBB official site provides relevant security resources. An exploit is publicly available on Exploit-DB (ID 51213), and a related CVE-2022-45867 is referenced in the record. Practitioners should consult these for patch information and upgrade to mitigated versions of MyBB.

Details

CWE(s): CWE-22 (Path Traversal)

Affected Products: mybb / mybb 1.8.32

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

CVE-2023-53979 enables exploitation of a public-facing web application (MyBB) via path traversal and malicious file upload with embedded PHP, facilitating web shell-like remote code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References