Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2008-7082

EPSS 0.10% · P28
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-7082

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mybboard MyBB Referer头my_post_key令牌信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MyBB是一款流行的Web论坛程序。 MyBB在对引用了外部站点的图形发送某些请求时(如执行拆分和合并线索或删帖等操作),Referer HTTP头中会包含有my_post_key令牌,这可能导致泄露用户的密钥令牌。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2008-7082

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2008-7082

登录查看更多情报信息。

Same Patch Batch · n/a · 2009-08-25 · 29 CVEs total

CVE-2008-7069paul_arbogast accms 信息泄露漏洞
CVE-2008-7083ReVou Login SQL注入漏洞
CVE-2008-7081RaidSonic ICY BOX NAS 'userHandler.cgi' 身份认证绕过漏洞
CVE-2008-7080Php_classifieds_script 权限许可和访问控制漏洞
CVE-2008-7079Nero ShowTime .m3u文件处理缓冲区溢出漏洞
CVE-2008-7078Maxum Rumpus FTP Server HTTP命令远程拒绝服务漏洞
CVE-2008-7077Relative SailPlanner Login SQL注入漏洞
CVE-2008-7076Kalptaru_Infotech Star Articles 'user.modify.profile.php' 任意文件上传漏洞
CVE-2008-7075Kalptaru_Infotech Star Articles多个SQL注入漏洞
CVE-2008-7074MemeCode Software i.Scribe 远程格式化字符串漏洞
CVE-2008-7073Ekkaia Pie RSS Module 'lib' Parameter 远程文件包含漏洞
CVE-2008-7072Chipmunk Topsites 'start' Parameter跨站脚本攻击漏洞
CVE-2008-7071Chipmunk Topsites 'authenticate.php' SQL注入漏洞
CVE-2008-7070KVIrc URI Handler 远程代码执行漏洞
CVE-2009-2959Buildbot 多个未明跨站脚本攻击漏洞
CVE-2008-7068PHP dba_replace函数 输入验证漏洞
CVE-2008-7067PageTree CMS 'main.php'远程文件包含漏洞
CVE-2008-70662Enetworx OpenForum 'profile.php'身份认证绕过漏洞
CVE-2008-7065Siemens C450IP/C475IP电话远程拒绝服务漏洞
CVE-2008-7064Quicksilver Forums本地文件包含和任意文件上传漏洞

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2008-7082

No comments yet

Leave a comment