First published: Wed Mar 18 2015(Updated: )
Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mybb Mybb | <=1.8.3 |
http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-2334 is considered a medium severity vulnerability due to the potential for CSRF attacks.
To fix CVE-2015-2334, upgrade to MyBB version 1.8.4 or later.
CVE-2015-2334 affects MyBB versions prior to 1.8.4.
CVE-2015-2334 is a Cross-Site Request Forgery (CSRF) vulnerability.
Remote attackers can exploit CVE-2015-2334 to hijack the authentication of victims.