CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3208

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1060%
EPSS Percentile22.69th
PublishedJun 14, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code.

Affected Platforms (CPE)

πŸ“¦
Yabb

Yabb

= 2.1

References & Advisories

πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=538
πŸ”— http://osvdb.org/37236
πŸ”— http://osvdb.org/37237
πŸ”— http://secunia.com/advisories/25656
πŸ”— http://www.securityfocus.com/bid/24455
πŸ”— http://www.securitytracker.com/id?1018236
πŸ”— http://www.yabbforum.com/community/?board=general%3Baction=display%3Bnum=1181678785
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/34848

Related Vulnerabilities

CVE-2004-240310.0

Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as...

CVE-2004-034310.0

Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the...

CVE-2013-20579.8

YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability

CVE-2002-01177.5

Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute...