Description
Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php.
Remediation
References
Related Vulnerabilities
SugarCRM Other Vulnerability (CVE-2004-1225)
WordPress Plugin WP Statistics Multiple Unspecified Vulnerabilities (9.6.5)
Apache Tomcat Improper Input Validation Vulnerability (CVE-2012-3544)
WordPress Plugin YITH WooCommerce Request A Quote Security Bypass (1.4.7)
WordPress Plugin Smooth Scroll Page Up/Down Buttons Cross-Site Scripting (1.3)