CVE-2004-1967
HIGHOpenBB <= 1.0.6 - Cross-Site Request Forgery in Multiple Admin Scripts
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link.
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108301983206107&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15967
Broken Link, Exploit, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11481
Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1009935
Scores
CVSS v3
8.8
EPSS
0.0163
EPSS Percentile
73.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
openbb/openbb
1.0.6
Published
Apr 25, 2004
Tracked Since
Feb 18, 2026