CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0343

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1950%
EPSS Percentile34.09th
PublishedNov 23, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.

Affected Platforms (CPE)

πŸ“¦
Yabb

Yabb

= 1.5.4
πŸ“¦
Yabb

Yabb

= 1.5.5
πŸ“¦
Yabb

Yabb

= 1.5.5b

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=107816202813083&w=2
πŸ”— http://www.securityfocus.com/bid/9774
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/15354
πŸ”— http://marc.info/?l=bugtraq&m=107816202813083&w=2
πŸ”— http://www.securityfocus.com/bid/9774
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/15354

Related Vulnerabilities

CVE-2004-240310.0

Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as...

CVE-2007-320810.0

CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via ...

CVE-2013-20579.8

YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability

CVE-2002-01177.5

Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute...