Description
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.
References (3)
Core 3
Core References
Broken Link, Patch x_refsource_misc
http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351
Broken Link, Exploit, Patch, Vendor Advisory x_refsource_misc
http://www.gulftech.org/?node=research&article_id=00084-06232005
Exploit, Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111963737202040&w=2
Scores
CVSS v3
6.5
EPSS
0.0096
EPSS Percentile
57.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (1)
ubbcentral/ubb.threads
< 6.5.1.1
Published
Jun 29, 2005
Tracked Since
Feb 18, 2026