Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5131

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-5131
Last Modified 13 Sep 2012 12:00:00
Published 30 Aug 2012 06:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5131

Summary

Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter.

Vulnerable Systems

Application

  • Mybb 1.1.0

  • Mybb 1.1.1

  • Mybb 1.1.2

  • Mybb 1.1.3

  • Mybb 1.1.4

  • Mybb 1.1.5

  • Mybb 1.1.6

  • Mybb 1.1.7

  • Mybb 1.1.8

  • Mybb 1.2

  • Mybb 1.2.0

  • Mybb 1.2.1

  • Mybb 1.2.10

  • Mybb 1.2.11

  • Mybb 1.2.12

  • Mybb 1.2.13

  • Mybb 1.2.14

  • Mybb 1.2.2

  • Mybb 1.2.3

  • Mybb 1.2.4

  • Mybb 1.2.5

  • Mybb 1.2.6

  • Mybb 1.2.7

  • Mybb 1.2.8

  • Mybb 1.2.9

  • Mybb 1.3

  • Mybb 1.4.0

  • Mybb 1.4.1

  • Mybb 1.4.10

  • Mybb 1.4.11

  • Mybb 1.4.12

  • Mybb 1.4.13

  • Mybb 1.4.14

  • Mybb 1.4.15

  • Mybb 1.4.16

  • Mybb 1.4.2

  • Mybb 1.4.3

  • Mybb 1.4.4

  • Mybb 1.4.5

  • Mybb 1.4.6

  • Mybb 1.4.7

  • Mybb 1.4.8

  • Mybb 1.4.9

  • Mybb 1.5.1

  • Mybb 1.5.2

  • Mybb 1.6.0

  • Mybb 1.6.1

  • Mybb 1.6.2

  • Mybb 1.6.3

  • Mybb 1.6.4


References

XF - mybb-language-setting-csrf(71462)

BID - 50816

OSVDB - 77327

SECUNIA - 46951

CONFIRM - http://dev.mybb.com/issues/1729

CONFIRM - http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/


Last Updated: 27 May 2016 11:00:25