Description Installer RCE on settings file write in MyBB before 1.8.22. Remediation References CVE-2020-22612 Related Vulnerabilities PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2011-0708) WordPress Plugin The Events Calendar Cross-Site Scripting (3.0) PHP Use of Externally-Controlled Format String Vulnerability (CVE-2011-1153) WordPress Plugin fMoblog 'id' Parameter SQL Injection (2.1) WordPress Plugin Jock on air now Multiple Vulnerabilities (5.6.1) Severity Critical Classification CVE-2020-22612 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities