CVE-2019-12363
Last modified
CVE-2019-12363 is a vulnerability of currently unknown severity. An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). EPSS estimates a 0.62% chance of exploitation in the next 30 days.
Description
An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two factor authentication.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mybb-2fa Project | Mybb-2fa | <= 2014-11-05 |
References
- https://community.mybb.com/thread-162369.htmlIssue Tracking, Third Party Advisory
- https://seekurity.com/blog/advisories/mybb-two-factor-authentication-extension-vulnerabilities/Exploit, Third Party Advisory
- https://community.mybb.com/thread-162369.htmlIssue Tracking, Third Party Advisory
- https://seekurity.com/blog/advisories/mybb-two-factor-authentication-extension-vulnerabilities/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-12363?
How severe is CVE-2019-12363?
How do I fix CVE-2019-12363?
Are you affected by CVE-2019-12363?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST