What is CVE-2011-10018?

CVE-2011-10018 is a vulnerability in Mybb Group Forum Software, classified under Hidden Functionality. Published 2025-08-13.

Is CVE-2011-10018 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Mybb Group Forum Software

CVE-2011-10018

myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnera…

EPSS: 0.530 (98.0th percentile) — read the EPSS interpretation.

Affected products

Mybb Group Forum Software — versions 1.6.4

Weakness classification (CWE)

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/u… (exploit)
www.exploit-db.com/exploits/17949 (exploit)
web.archive.org/web/20111015224948/http://secunia.com/advisories/46300/ (third-party-advisory)
blog.mybb.com/2011/10/06/1-6-4-security-vulnerabilit/ (vendor-advisory, patch)
www.vulncheck.com/advisories/mybb-backdoor-arbitrary-command-execution (third-party-advisory)

Frequently asked questions

What is CVE-2011-10018?: CVE-2011-10018 is a vulnerability in Mybb Group Forum Software, classified under Hidden Functionality. Published 2025-08-13.
Is CVE-2011-10018 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.