icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

MyBB < 1.4.4 CSRF

Medium

Synopsis

The remote host is vulnerable to a cross-site request forgery (CSRF) attack.

Description

The version of MyBB installed on the remote host is vulnerable to an information-disclosure flaw. Specifically, the 'my_post_key' variable of the 'moderation.php' script can be harvested by malicious third party sites. An attacker can use this information to generate cross-site request forgery (CSRF) attacks.

Solution

Upgrade to version 1.4.4 or higher.