CSRF Vulnerability in Admin Notes Plugin Allows Remote Deletion of Admin Notes

CVE-2018-11092 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.
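A detection heuristic for the request described above, as an added example that is not part of the original advisory or the plugin: it scans Combined Log Format access logs for the `admin/index.php?empty=table` action and flags hits whose Referer is missing or points off-site. The hostname `forum.example`, the default `admin/` directory name and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

def is_clear_table(target):
    """True when the request target is the admin 'Clear Table' action."""
    url = urlsplit(target)
    params = parse_qs(url.query, keep_blank_values=True)
    # Assumption: the MyBB admin directory still has its default name "admin".
    return url.path.endswith("/admin/index.php") and "table" in params.get("empty", [])

def classify(line, forum_host):
    """Return None for unrelated lines, else (timestamp, ip, verdict)."""
    m = LOG_RE.match(line)
    if not m or not is_clear_table(m["target"]):
        return None
    referer = m["referer"]
    ref_host = urlsplit(referer).hostname if referer not in ("", "-") else None
    if ref_host is None:
        verdict = "review: no Referer"
    elif ref_host.lower() != forum_host.lower():
        verdict = "suspect: cross-site Referer " + ref_host
    else:
        verdict = "same-site"
    return m["ts"], m["ip"], verdict

def scan(lines, forum_host):
    """Classify every log line and keep only the Clear Table hits."""
    return [hit for hit in (classify(l, forum_host) for l in lines) if hit]

# Constructed sample log lines (documentation IP range and example hostnames).
SAMPLE = [
    '203.0.113.7 - - [12/May/2018:10:01:22 +0000] "GET /admin/index.php?empty=table HTTP/1.1" 200 5120 "https://forum.example/admin/index.php" "Mozilla/5.0"',
    '203.0.113.7 - - [12/May/2018:14:37:05 +0000] "GET /admin/index.php?empty=table HTTP/1.1" 200 5120 "https://blog.example.net/post/42" "Mozilla/5.0"',
    '203.0.113.7 - - [12/May/2018:14:40:11 +0000] "GET /admin/index.php?module=config HTTP/1.1" 200 8000 "https://forum.example/admin/index.php" "Mozilla/5.0"',
    '203.0.113.7 - - [12/May/2018:15:02:48 +0000] "GET /admin/index.php?empty=table HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ts, ip, verdict in scan(SAMPLE, "forum.example"):
        print(ts, ip, verdict)
```

A missing Referer is only a prompt for review, since browsers and privacy settings can strip the header.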