Vulnerability Description
An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two factor authentication.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mybb-2Fa Project | Mybb-2Fa | <= 2014-11-05 |
Related Weaknesses (CWE)
References
- https://community.mybb.com/thread-162369.htmlIssue TrackingThird Party Advisory
- https://seekurity.com/blog/advisories/mybb-two-factor-authentication-extension-vExploitThird Party Advisory
- https://community.mybb.com/thread-162369.htmlIssue TrackingThird Party Advisory
- https://seekurity.com/blog/advisories/mybb-two-factor-authentication-extension-vExploitThird Party Advisory
FAQ
What is CVE-2019-12363?
CVE-2019-12363 is a vulnerability with a CVSS score of 8.8 (HIGH). An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb...
How severe is CVE-2019-12363?
CVE-2019-12363 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12363?
Check the references section above for vendor advisories and patch information. Affected products include: Mybb-2Fa Project Mybb-2Fa.