RSS   Vulnerabilities for 'Mybb-2fa'   RSS

2019-07-11
 
CVE-2019-12363

CWE-352
 

 
An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two factor authentication.

 


Copyright 2024, cxsecurity.com

 

Back to Top