CVE-2018-11502 - OpenCVE

An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Moderator Log Notes Project	Moderator Log Notes

Configuration 1 [-]

cpe:2.3:a:moderator_log_notes_project:moderator_log_notes:1.1:*:*:*:*:mybb:*:*

References

Link	Resource
https://packetstormsecurity.com/files/148999/MyBB-Moderator-Log-Notes-1.1-Cross-Site-Request-Forgery.html	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/45224/	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-08-24T21:00:00

Updated: 2018-08-24T20:57:01

Reserved: 2018-05-26T00:00:00

Link: CVE-2018-11502

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-08-24T21:29:00.670

Modified: 2018-10-31T14:26:45.437

Link: CVE-2018-11502

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-24T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "45224", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/45224/"}, {"tags": ["x_refsource_MISC"], "url": "https://packetstormsecurity.com/files/148999/MyBB-Moderator-Log-Notes-1.1-Cross-Site-Request-Forgery.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11502", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "45224", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45224/"}, {"name": "https://packetstormsecurity.com/files/148999/MyBB-Moderator-Log-Notes-1.1-Cross-Site-Request-Forgery.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/148999/MyBB-Moderator-Log-Notes-1.1-Cross-Site-Request-Forgery.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11502", "datePublished": "2018-08-24T21:00:00", "dateReserved": "2018-05-26T00:00:00", "dateUpdated": "2018-08-24T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moderator_log_notes_project:moderator_log_notes:1.1:*:*:*:*:mybb:*:*", "matchCriteriaId": "B3FB2BA7-E914-4ED7-9B33-69935B0379AD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF."}, {"lang": "es", "value": "Se ha descubierto un problema en el plugin Moderator Log Notes 1.1 para MyBB. Permite que los moderadores guarden notas y los muestren en una lista en modCP. Un atacante puede eliminar remotamente todas las notas mod y registros de notas mod en modCP y ACP mediante CSRF."}], "id": "CVE-2018-11502", "lastModified": "2018-10-31T14:26:45.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-24T21:29:00.670", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/148999/MyBB-Moderator-Log-Notes-1.1-Cross-Site-Request-Forgery.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45224/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}