From: nbbn_(at)_gmx.net <nbbn_(at)_gmx.net>
Date: 29.01.2008
Subject: WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability

#############################################################################
WoltLab Burning Board 3.x.x PM Delete Cross-Site Request Forgery Vulnerability
by NBBN.         Founded: 25 December 2007
#############################################################################


Examples:
http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=[pmid]
http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=1

Fix:

Wait for a fix. Or never surf on other sites if you have autologin on, and
don't click links when you are logged in.

Vulnerability Versions:

I tested it only on 3.0.1, but I think that all versions of 3 are vuln.
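
The server-side check whose absence makes the example URLs above work, as an added example that is not part of the original advisory and is not WoltLab's code: the delete action accepts only POST requests that carry a per-session token. The function names, the `t` parameter and the sample mailbox are assumptions made for illustration.

```php
<?php
// Added example; all names are hypothetical, not WoltLab Burning Board code.

// Issue one random token per session; the application embeds it in every
// form that changes state (delete, send, move ...).
function csrf_token(array &$session): string {
    if (!isset($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Hardened delete handler. Returns the HTTP status code it would send.
function delete_pm(string $method, array $params, array &$session, array &$mailbox): int {
    // 1. State changes only via POST, so a plain link or image URL cannot trigger them.
    if ($method !== 'POST') {
        return 405;
    }
    // 2. The request must carry the session's token, compared in constant time.
    $sent = $params['t'] ?? '';
    if (!is_string($sent) || !isset($session['csrf']) || !hash_equals($session['csrf'], $sent)) {
        return 403;
    }
    // 3. Only then act on pmID, and only on a message in this user's mailbox.
    $id = (int)($params['pmID'] ?? 0);
    if (!isset($mailbox[$id])) {
        return 404;
    }
    unset($mailbox[$id]);
    return 200;
}

// Constructed sample data: one logged-in session holding two private messages.
$session = [];
$mailbox = [1 => 'hello', 2 => 'meeting'];
$token   = csrf_token($session);

// Request in the shape of the advisory's URL: GET, no token.
echo delete_pm('GET', ['page' => 'PM', 'action' => 'delete', 'pmID' => '1'], $session, $mailbox), "\n";
// POST from another origin, which cannot know the session's token.
echo delete_pm('POST', ['pmID' => '1'], $session, $mailbox), "\n";
// POST from the site's own form, carrying the token.
echo delete_pm('POST', ['pmID' => '1', 't' => $token], $session, $mailbox), "\n";
echo count($mailbox), " message(s) left\n";
```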
