CVE-2015-9292

Name of the Vulnerable Software and Affected Versions 6kbbs versions 7.1 through 8.0

Description The issue allows for CSRF attacks via specific API endpoints, including "portalchannel ajax.php" with id or code parameters, and "admin.php" with a fileids parameter.

Recommendations For versions 7.1 and 8.0, consider restricting access to the "portalchannel ajax.php" and "admin.php" endpoints to minimize the risk of exploitation. As a temporary workaround, avoid using the id, code, and fileids parameters in the affected API endpoints until the issue is resolved.