CSRF Vulnerability in Moderator Log Notes Plugin 1.1 for MyBB

CSRF Vulnerability in Moderator Log Notes Plugin 1.1 for MyBB

CVE-2018-11502 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:P

An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.

Learn more about our Web Application Penetration Testing UK.