PT-2008-2406 · MyBB
Published: 2008-02-15 · Updated: 2009-08-20 · CVE-2008-0788
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
MyBB versions 1.2.11 and earlier
Description
The issue allows remote attackers to hijack the authentication of moderators, administrators, or arbitrary users by forging requests. This can be done in two ways: (1) by deleting threads via a do_multideletethreads action to "moderation.php" and (2) by deleting private messages (PM) via a delete action to "private.php".
Recommendations
For MyBB versions 1.2.11 and earlier, consider disabling the do_multideletethreads action in "moderation.php" and the delete action in "private.php" to prevent exploitation until a fix is available. Restrict access to "moderation.php" and "private.php" to minimize the risk of authentication hijacking.
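The underlying weakness is that both delete actions act on the victim's session cookie alone, so any request a logged-in browser can be made to send is accepted. The following is an added example written for this advisory; it is not MyBB code and not the project's actual fix. It shows the generic guard such an action needs: a per-session random token that must be echoed back in a POST body and compared in constant time, with a method check and an Origin/Referer check as defence in depth. Function names (`csrf_issue_token`, `csrf_check`, `handle_delete`), the host `forum.example` and the sample request arrays are constructed for the demonstration; in a real handler `$_SESSION`, `$_POST` and `$_SERVER` would be passed instead.

```php
<?php
// Added example (not MyBB code): a minimal CSRF guard for state-changing
// forum actions such as "delete thread" or "delete private message".
// Assumes PHP 7+ (random_bytes, hash_equals). The request/session arrays
// below are constructed so the script runs from the command line.

declare(strict_types=1);

// Issue one random token per session and keep it server-side.
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Validate a request before any delete action runs.
// Returns null when the request may proceed, otherwise a reason string
// suitable for logging.
function csrf_check(array $session, array $post, array $server): ?string
{
    // A plain link or image tag can only produce a GET; state changes
    // must require POST so that path is closed entirely.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'method-not-post';
    }
    if (empty($session['csrf_token'])) {
        return 'no-session-token';
    }
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($supplied) || $supplied === '') {
        return 'token-missing';
    }
    // Constant-time comparison: the token must not leak through timing.
    if (!hash_equals($session['csrf_token'], $supplied)) {
        return 'token-mismatch';
    }
    // Defence in depth: a cross-site form post carries a foreign Origin
    // (or Referer). Only enforced when the browser sent one.
    $origin = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host   = $server['HTTP_HOST'] ?? '';
    if ($origin !== '' && $host !== '' && parse_url($origin, PHP_URL_HOST) !== $host) {
        return 'foreign-origin';
    }
    return null;
}

// Wraps a delete action: rejected requests are logged, not executed.
function handle_delete(array &$session, array $post, array $server, array &$log): bool
{
    $reason = csrf_check($session, $post, $server);
    if ($reason !== null) {
        $log[] = sprintf('csrf-rejected action=%s reason=%s ip=%s',
            $post['action'] ?? '?', $reason, $server['REMOTE_ADDR'] ?? '?');
        return false;
    }
    // The real handler would delete the thread or PM at this point.
    return true;
}

// --- constructed demonstration ------------------------------------------
$session = [];
$log     = [];
$token   = csrf_issue_token($session);   // rendered into the forum's own form

$ownSite   = ['REQUEST_METHOD' => 'POST', 'HTTP_HOST' => 'forum.example',
              'HTTP_ORIGIN' => 'https://forum.example', 'REMOTE_ADDR' => '203.0.113.5'];
$otherSite = ['REQUEST_METHOD' => 'POST', 'HTTP_HOST' => 'forum.example',
              'HTTP_ORIGIN' => 'https://other-site.example', 'REMOTE_ADDR' => '198.51.100.9'];
$getLink   = ['REQUEST_METHOD' => 'GET', 'HTTP_HOST' => 'forum.example',
              'REMOTE_ADDR' => '198.51.100.9'];

// 1. Legitimate submission from the forum's own page: accepted.
$legit  = handle_delete($session, ['action' => 'delete', 'pmid' => '42', 'csrf_token' => $token], $ownSite, $log);
// 2. Cross-site POST: the victim's cookie is sent, but the token is unreadable to the other site.
$forged = handle_delete($session, ['action' => 'delete', 'pmid' => '42'], $otherSite, $log);
// 3. Delete triggered by a bare link: wrong method, rejected before anything else.
$viaGet = handle_delete($session, ['action' => 'delete', 'pmid' => '42'], $getLink, $log);

printf("legit=%s forged=%s via-get=%s\n",
    var_export($legit, true), var_export($forged, true), var_export($viaGet, true));
foreach ($log as $line) {
    echo $line, "\n";
}
```

The log lines produced for rejected requests are the detection hook: a burst of `csrf-rejected` entries for `action=delete` against "private.php" or `action=do_multideletethreads` against "moderation.php" from one client is the signal a forum operator would alert on while the temporary restriction from the recommendations above is in place.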
Weakness Enumeration
CSRF
Affected Products
MyBB