CyberSec.Space Logo
Back to CVE Browser

CVE-2004-2403

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1490%
EPSS Percentile8.29th
PublishedDec 31, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.

Affected Platforms (CPE)

πŸ“¦
Yabb

Yabb

= 1.40
πŸ“¦
Yabb

Yabb

= 1.41
πŸ“¦
Yabb

Yabb

= 1_gold_-_sp_1
πŸ“¦
Yabb

Yabb

= 1_gold_-_sp_1.2
πŸ“¦
Yabb

Yabb

= 1_gold_-_sp_1.3
πŸ“¦
Yabb

Yabb

= 1_gold_-_sp_1.3.1
πŸ“¦
Yabb

Yabb

= 1_gold_-_sp_1.3.2
πŸ“¦
Yabb

Yabb

= 1_gold_release
πŸ“¦
Yabb

Yabb

= 2000-09-01
πŸ“¦
Yabb

Yabb

= 2000-09-11

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html
πŸ”— http://secunia.com/advisories/12593
πŸ”— http://www.osvdb.org/10243
πŸ”— http://www.securityfocus.com/bid/11214
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/17453
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html
πŸ”— http://secunia.com/advisories/12593
πŸ”— http://www.osvdb.org/10243

Related Vulnerabilities

CVE-2004-034310.0

Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the...

CVE-2007-320810.0

CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via ...

CVE-2013-20579.8

YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability

CVE-2002-01177.5

Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute...