MyBB Community Forums

A new 0day has gone on sale a few hours ago on the black market targeting all versions of mybb.

The title being: "MyBB (All Versions) File Upload 0day"

Does anybody know about this or have it that know how to patch it before they do too much damage.

If you need the link to the site selling it, please pm me as I don't think I'll be allowed to post it here.

I was going to buy it just to try and fix my site before they hit me but they only accept LR

For security reports use the contact form. http://www.mybb.com/contact

Thank you, just sent so hopefully I'll hear back soon

Several people have pointed out suggestions of an exploit but thus far we have found no physical evidence that any such vulnerability exists.

Every reference we have come across has asked for significant sums of money, and frankly it smells very fishy. At this stage it seems highly likely that whoever is perpetuating these rumors is just trying to extort money.

Of course if anyone has any hard information then please don't hesitate to make a thread in Private Inquiries or use the contact form. For everyone else, I'd steer clear of anyone trying to sell you vulnerabilities if you don't want to be scammed.