Mybboard : Security Vulnerabilities, CVEs, (CSRF)
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header.
Max CVSS
6.8
EPSS Score
0.21%
Published
2009-08-25
Updated
2018-10-11
1 vulnerabilities found