CVE-2008-0788
Mybb < 1.2.11 - CSRF
Title source: ruleDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php.
References (5)
Scores
EPSS
0.0017
EPSS Percentile
38.4%
Classification
CWE
CWE-352
Status
draft
Affected Products (1)
mybb/mybb
< 1.2.11
Timeline
Published
Feb 15, 2008
Tracked Since
Feb 18, 2026