Posted by Taoguang Chen on Nov 26
#MyBB <= 1.8.2 unset_globals() Function Bypass and Remote Code
Execution Vulnerability
Taoguang Chen <[ () chtg57](twitter.com/chtg57)> – 2014.11.21
##I. MyBB’s unset_globals() Function Bypass
When PHP’s register_globals configuration set on, MyBB will call
unset_globals() function, all global variables registered by PHP from
$_POST, $_GET, $_FILES, and $_COOKIE arrays will be destroyed.
“`…