CVE-2006-3420

Name of the Vulnerable Software and Affected Versions MyBulletinBoard (MyBB) versions prior to 1.1.5

Description A cross-site request forgery (CSRF) issue allows remote attackers to perform unauthorized actions as a logged-in user, including deleting arbitrary forum posts. This can be achieved via a bbcode IMG tag with a modified delete parameter in a deletepost action.

Recommendations For versions prior to 1.1.5, update to version 1.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the editpost.php file or disabling the deletepost action until a patch is available. Avoid using the delete parameter in the affected deletepost action until the issue is resolved.