6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter).
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-08