Vulnerability Description
Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbb | Openbb | 1.0.6 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=108301983206107&w=2 (Mailing List)
- http://secunia.com/advisories/11481 (Broken Link, Exploit, Vendor Advisory)
- http://securitytracker.com/id?1009935 (Broken Link, Exploit, Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15967 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2004-1967?
CVE-2004-1967 is a vulnerability with a CVSS score of 8.8 (HIGH). Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0....
How severe is CVE-2004-1967?
CVE-2004-1967 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-1967?
Check the references section above for vendor advisories and patch information. Affected products include: Openbb Openbb.