CVE-2011-5131

Published: Aug 30, 2012Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter.

Affected (50)

Products: Mybb: Mybb

Mybb

1 product

Mybb

Configuration A

50 vulnerable

Vulnerable Software	Affected Versions
Mybb Mybb	Up to 1.6.4
Mybb Mybb	Version 1.1.0
Mybb Mybb	Version 1.1.1
Mybb Mybb	Version 1.1.2
Mybb Mybb	Version 1.1.3
Mybb Mybb	Version 1.1.4
Mybb Mybb	Version 1.1.5
Mybb Mybb	Version 1.1.6
Mybb Mybb	Version 1.1.7
Mybb Mybb	Version 1.1.8
Mybb Mybb	Version 1.2.0
Mybb Mybb	Version 1.2.10
Mybb Mybb	Version 1.2.11
Mybb Mybb	Version 1.2.12
Mybb Mybb	Version 1.2.13
Mybb Mybb	Version 1.2.14
Mybb Mybb	Version 1.2.1
Mybb Mybb	Version 1.2.2
Mybb Mybb	Version 1.2.3
Mybb Mybb	Version 1.2.4
Mybb Mybb	Version 1.2.5
Mybb Mybb	Version 1.2.6
Mybb Mybb	Version 1.2.7
Mybb Mybb	Version 1.2.8
Mybb Mybb	Version 1.2.9
Mybb Mybb	Version 1.2
Mybb Mybb	Version 1.3 pre-1.0
Mybb Mybb	Version 1.4.0
Mybb Mybb	Version 1.4.10
Mybb Mybb	Version 1.4.11
Mybb Mybb	Version 1.4.12
Mybb Mybb	Version 1.4.13
Mybb Mybb	Version 1.4.14
Mybb Mybb	Version 1.4.15
Mybb Mybb	Version 1.4.16
Mybb Mybb	Version 1.4.1
Mybb Mybb	Version 1.4.2
Mybb Mybb	Version 1.4.3
Mybb Mybb	Version 1.4.4
Mybb Mybb	Version 1.4.5
Mybb Mybb	Version 1.4.6
Mybb Mybb	Version 1.4.7
Mybb Mybb	Version 1.4.8
Mybb Mybb	Version 1.4.9
Mybb Mybb	Version 1.5.1
Mybb Mybb	Version 1.5.2
Mybb Mybb	Version 1.6.0
Mybb Mybb	Version 1.6.1
Mybb Mybb	Version 1.6.2
Mybb Mybb	Version 1.6.3