Vulnerability Details CVE-2008-7082
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.6%
CVSS Severity
CVSS v2 Score 6.8
References
- http://osvdb.org/50275
- http://secunia.com/advisories/32880
- http://www.securityfocus.com/archive/1/498630/100/0/threaded
- http://www.securityfocus.com/bid/32467
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46885
- http://osvdb.org/50275
- http://secunia.com/advisories/32880
- http://www.securityfocus.com/archive/1/498630/100/0/threaded
- http://www.securityfocus.com/bid/32467
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46885