Description
Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link.
References
- Mailing List
- Broken Link, Exploit, Vendor Advisory
- Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
cpe:2.3:a:openbb:openbb:1.0.6:*:*:*:*:*:*:*
EPSS: 0.01267 (Low), percentile: 79%
CVSS3: 8.8 High
CVSS2: 7.5 High
Weaknesses
CWE-352
Related vulnerabilities
CVSS3: 8.8
github
almost 4 years ago
Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link.