Mkportal: >> Mkportal >> 1.1 Security Vulnerabilities
Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag.
CVSS Score
5.8
EPSS Score
0.003
Published
2006-12-26
SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2006-04-27