Cyber Resilience

CVE-2023-53979

High · Public PoC

Published: 22 December 2025

Modified: 27 December 2025
KEV Added
Patch
CVSS v4 Score: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0070 (48.4th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-53979 is a high-severity Path Traversal (CWE-22) vulnerability in MyBB. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 48.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2023-53979 is a chained vulnerability affecting version 1.8.32 of MyBB, a popular open-source forum package. It allows authenticated administrators to bypass restrictions on avatar uploads and achieve arbitrary code execution. The exploit chain involves modifying upload path settings, uploading a malicious image file embedded with PHP code, and executing commands through the language configuration editing interface. The vulnerability is associated with CWE-22 (Path Traversal) and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.

The attack requires low privileges—an authenticated administrator account—and can be carried out remotely without user interaction. An attacker with admin access can alter upload configurations to store files outside intended directories, embed executable PHP in an image, and trigger code execution via the language editor interface. This leads to full remote code execution on the server, potentially enabling full system compromise, data theft, or further persistence.

Advisories from sources like VulnCheck detail the chained local file inclusion and RCE issues, while the MyBB official site provides relevant security resources. An exploit is publicly available on Exploit-DB (ID 51213), and a related CVE, CVE-2022-45867, is referenced in the record. Practitioners should consult these for patch information and upgrade to mitigated versions of MyBB.

Vulnerability details

MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration editing interface.

CWE(s)

CWE-22 (Path Traversal)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

CVE-2023-53979 enables exploitation of a public-facing web application (MyBB) via path traversal and malicious file upload with embedded PHP, facilitating web shell-like remote code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2011-10018: Same product (MyBB)
CVE-2025-54446: Shared CWE-22
CVE-2024-13725: Shared CWE-22
CVE-2026-42605: Shared CWE-22
CVE-2024-13409: Shared CWE-22
CVE-2026-3289: Shared CWE-22
CVE-2026-32731: Shared CWE-22
CVE-2026-41463: Shared CWE-22
CVE-2026-7519: Shared CWE-22
CVE-2024-13545: Shared CWE-22

Affected Assets

Vendor: mybb · Product: mybb · Version: 1.8.32

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly remediates the chained path traversal and RCE vulnerability in MyBB 1.8.32 by applying vendor patches or upgrades.

prevent

Enforces validation of upload path inputs and file contents to block path traversal and malicious PHP-embedded image uploads.

prevent

Restricts access to configuration change tools for upload paths and language settings, preventing authenticated admins from enabling the exploit chain.
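
A defender-side sketch of the input-validation checks described above, as an added example that is not MyBB's code or part of the original record: it verifies that a configured upload path resolves under the forum root and flags PHP open tags inside uploaded image bytes. The forum root, path values, file names and sample bytes are constructed assumptions.

```python
import os

# Byte sequences that open a PHP block; matched case-insensitively.
PHP_MARKERS = (b"<?php", b"<?=")

def path_within(base_dir, configured_path):
    """Return True if configured_path resolves to base_dir or a location under it."""
    base = os.path.realpath(base_dir)
    # join() lets an absolute configured_path replace base, which then fails the check.
    target = os.path.realpath(os.path.join(base, configured_path))
    return os.path.commonpath([base, target]) == base

def php_markers_in(data):
    """Return the PHP open tags found anywhere in the raw file bytes."""
    lowered = data.lower()
    return [m.decode("ascii") for m in PHP_MARKERS if m in lowered]

def audit_upload(base_dir, configured_path, filename, data):
    """Collect findings for one upload; an empty list means nothing was flagged."""
    findings = []
    if not path_within(base_dir, configured_path):
        findings.append("upload path resolves outside " + base_dir)
    markers = php_markers_in(data)
    if markers:
        # Binary data can contain a short tag by chance: treat a hit as a review signal.
        findings.append(filename + " contains " + ", ".join(markers))
    return findings

# Constructed sample values (assumptions, not taken from the CVE record).
FORUM_ROOT = "/srv/forum"
CLEAN_IMAGE = b"GIF89a" + bytes(16)
TAGGED_IMAGE = b"GIF89a" + bytes(16) + b"<?php /* constructed marker */ ?>"

if __name__ == "__main__":
    for path, name, data in [
        ("./uploads/avatars", "clean.gif", CLEAN_IMAGE),
        ("../../tmp", "tagged.gif", TAGGED_IMAGE),
    ]:
        print(path, name, audit_upload(FORUM_ROOT, path, name, data))
```

Run the path check whenever the upload path setting changes and the content check on every stored avatar; a file with valid image headers can still carry PHP further into its bytes, so header or extension checks alone do not cover this chain.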
