CVE-2018-11502

An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
moderator_log_notes_projectmoderator_log_notes
1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://packetstormsecurity.com/files/148999/MyBB-Moderator-Log-Notes-1.1-Cross-Site-Request-Forgery.html
https://www.exploit-db.com/exploits/45224/
https://packetstormsecurity.com/files/148999/MyBB-Moderator-Log-Notes-1.1-Cross-Site-Request-Forgery.html
https://www.exploit-db.com/exploits/45224/