Arbitrary Code Execution via Cross-Site Request Forgery (CSRF) in Open Bulletin Board (OpenBB) 1.0.6 and earlier

Arbitrary Code Execution via Cross-Site Request Forgery (CSRF) in Open Bulletin Board (OpenBB) 1.0.6 and earlier

CVE-2004-1967 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link.

Learn more about our User Device Pen Test.