CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-12363

An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two factor authentication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.8%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://community.mybb.com/thread-162369.html
https://seekurity.com/blog/advisories/mybb-two-factor-authentication-extension-vulnerabilities/
https://community.mybb.com/thread-162369.html
https://seekurity.com/blog/advisories/mybb-two-factor-authentication-extension-vulnerabilities/

Products affected by CVE-2019-12363

Mybb-2fa Project » Mybb-2fa » Version: 2014-11-05

cpe:2.3:a:mybb-2fa_project:mybb-2fa:2014-11-05

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-12363

Products

Pricing

Contact Us