Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-3420
Last Modified 05 Sep 2008 05:07:06
Published 06 Jul 2006 08:05:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3420

Summary

Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Systems

Application

  • Mybulletinboard 1.1

  • Mybulletinboard 1.1.1

  • Mybulletinboard 1.1.2

  • Mybulletinboard 1.1.3

  • Mybulletinboard 1.1.4


References

XF - mybb-editpost-xsrf(27682)

OSVDB - 26807

SECUNIA - 20659


Last Updated: 27 May 2016 10:43:00