[原文]Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
MyBulletinBoard (MyBB) contains a flaw that may allow a malicious user to delete posts via HTTP GET requests. The issue is triggered when a malicious post containing a specially crafted 'img' tag is handled by editpost.php script. It is possible that the flaw may allow a non-privileged user to delete arbitrary forum post resulting in a loss of integrity.
Upgrade to version 1.1.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.