An issue exists in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moderator log notes project moderator log notes 1.1 |