MyBB < 1.4.4 CSRF
Medium Nessus Network Monitor Plugin ID 4767
SynopsisThe remote host is vulnerable to a cross-site request forgery (CSRF) attack.
DescriptionThe version of MyBB installed on the remote host is vulnerable to an information-disclosure flaw. Specifically, the 'my_post_key' variable of the 'moderation.php' script can be harvested by malicious third party sites. An attacker can use this information to generate cross-site request forgery (CSRF) attacks.
SolutionUpgrade to version 1.4.4 or higher.