Back to search
CVE-2008-7082
Published: Aug 25, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20081125 MyBB 1.4.3 my_post_key Disclosure Vulnerability
mailing-list
x_refsource_BUGTRAQ
32467
vdb-entry
x_refsource_BID
32880
third-party-advisory
x_refsource_SECUNIA
mybb-mypostkey-weak-security(46885)
vdb-entry
x_refsource_XF
50275
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now