Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mybboard MyBB Referer头my_post_key令牌信息泄露漏洞
Vulnerability Description
MyBB是一款流行的Web论坛程序。 MyBB在对引用了外部站点的图形发送某些请求时(如执行拆分和合并线索或删帖等操作),Referer HTTP头中会包含有my_post_key令牌,这可能导致泄露用户的密钥令牌。
CVSS Information
N/A
Vulnerability Type
N/A