Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-7305)

Description

MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts.

Remediation

References

Related Vulnerabilities

WordPress Plugin Newsletters Multiple Vulnerabilities (4.6.14)

WordPress Plugin VKontakte API Cross-Site Scripting (2.7)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.13)

WordPress Plugin Cleeng-Sell your videos Cross-Site Scripting (2.3.2)

WordPress Plugin Slickr Flickr Cross-Site Scripting (2.8.1)

Severity

Medium

Classification

CVE-2018-7305 CWE-352 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities