CVE-2011-5131

Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
mybbmybb
𝑥
≤ 1.6.4
mybbmybb
1.1.0
mybbmybb
1.1.1
mybbmybb
1.1.2
mybbmybb
1.1.3
mybbmybb
1.1.4
mybbmybb
1.1.5
mybbmybb
1.1.6
mybbmybb
1.1.7
mybbmybb
1.1.8
mybbmybb
1.2
mybbmybb
1.2.0
mybbmybb
1.2.1
mybbmybb
1.2.2
mybbmybb
1.2.3
mybbmybb
1.2.4
mybbmybb
1.2.5
mybbmybb
1.2.6
mybbmybb
1.2.7
mybbmybb
1.2.8
mybbmybb
1.2.9
mybbmybb
1.2.10
mybbmybb
1.2.11
mybbmybb
1.2.12
mybbmybb
1.2.13
mybbmybb
1.2.14
mybbmybb
1.3:pre-1.0
mybbmybb
1.4.0
mybbmybb
1.4.1
mybbmybb
1.4.2
mybbmybb
1.4.3
mybbmybb
1.4.4
mybbmybb
1.4.5
mybbmybb
1.4.6
mybbmybb
1.4.7
mybbmybb
1.4.8
mybbmybb
1.4.9
mybbmybb
1.4.10
mybbmybb
1.4.11
mybbmybb
1.4.12
mybbmybb
1.4.13
mybbmybb
1.4.14
mybbmybb
1.4.15
mybbmybb
1.4.16
mybbmybb
1.5.1
mybbmybb
1.5.2
mybbmybb
1.6.0
mybbmybb
1.6.1
mybbmybb
1.6.2
mybbmybb
1.6.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/
http://dev.mybb.com/issues/1729
http://secunia.com/advisories/46951
http://www.osvdb.org/77327
http://www.securityfocus.com/bid/50816
https://exchange.xforce.ibmcloud.com/vulnerabilities/71462
http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/
http://dev.mybb.com/issues/1729
http://secunia.com/advisories/46951
http://www.osvdb.org/77327
http://www.securityfocus.com/bid/50816
https://exchange.xforce.ibmcloud.com/vulnerabilities/71462