Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
vBulletin Moderator Control Panel 跨站请求伪造漏洞
Vulnerability Description
vBulletin是美国Internet Brands和vBulletin Solutions公司共同开发的一款开源的商业Web论坛程序。 vBulletin 4.2.2版本的Moderator Control Panel中存在跨站请求伪造漏洞,该漏洞源于modcp/banning.php脚本没有充分过滤‘username’参数。远程攻击者可利用该漏洞禁用用户或解除用户禁用,修改用户配置文件,编辑帖子或主题,发布贴子或主题。
CVSS Information
N/A
Vulnerability Type
N/A