CVE-2008-7082

Name of the Vulnerable Software and Affected Versions MyBB versions 1.4.3

Description The issue allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism, potentially hijacking the authentication of moderators. This is achieved by stealing a sensitive token, my post key, which is included in URLs to "moderation.php" with specific actions: (1) mergeposts, (2) split, and (3) deleteposts. The token can be read from the HTTP Referer header.

Recommendations For MyBB version 1.4.3, consider restricting access to the moderation.php endpoint with the mergeposts, split, and deleteposts actions until a patch is available. As a temporary workaround, avoid using the my post key parameter in the affected API endpoint to minimize the risk of exploitation.