CVE-2019-12363
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision
Descriptions
A CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two-factor authentication.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2019-05-27 CVE Reserved
- 2019-07-11 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://community.mybb.com/thread-162369.html | Issue Tracking |
URL | Date | SRC |
---|---|---|
https://seekurity.com/blog/advisories/mybb-two-factor-authentication-extension-vulnerabilities | 2024-08-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Mybb-2fa Project | Mybb-2fa | <= 2014-11-05 | mybb | Affected |