Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
mybb 多个文件操作 跨站请求伪造漏洞
Vulnerability Description
MyBB存在跨站请求伪造漏洞。远程攻击者可以(1)通过moderation.PHP的do_multideletethreads操作以劫持主持人或管理员的验证来请求删除线程;和(2)通过private.PHP的删除操作劫持任意用户的认证请求信息以删除用户的私有信息。
CVSS Information
N/A
Vulnerability Type
N/A