MyBB Community Forums

Full Version: Code injection vulnerability
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Huh
Can you explain the purpose of your post ?
"File not found" is not the same as "404 Not Found"
Beyond that, I can't answer. But the suggestion is that there may be a vulnerability.
I also replied to your private inquiries thread, but again I'm not sure what the issue is here.
Nothing vulnerable here. Just mybb.com have a different nginx fastcgi_param value when .php file is not found which is different from any other .extension/directory

https://community.mybb.com/test.php - file not found
https://community.mybb.com/test.mybb - 404 Not Found
https://community.mybb.com/test - 404 Not Found
The unintended behaviors have been resolved. Thanks for the report and the explanation, Clumsy, HLFadmin and codedude.