CyberSec.Space Logo
返回 CVE 浏览器

CVE-2004-2403

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1490%
EPSS Percentile8.29th
Published2004年12月31日
Last Modified2026年4月16日

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.

Affected Platforms (CPE)

📦
Yabb

Yabb

= 1.40
📦
Yabb

Yabb

= 1.41
📦
Yabb

Yabb

= 1_gold_-_sp_1
📦
Yabb

Yabb

= 1_gold_-_sp_1.2
📦
Yabb

Yabb

= 1_gold_-_sp_1.3
📦
Yabb

Yabb

= 1_gold_-_sp_1.3.1
📦
Yabb

Yabb

= 1_gold_-_sp_1.3.2
📦
Yabb

Yabb

= 1_gold_release
📦
Yabb

Yabb

= 2000-09-01
📦
Yabb

Yabb

= 2000-09-11

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html
🔗 http://secunia.com/advisories/12593
🔗 http://www.osvdb.org/10243
🔗 http://www.securityfocus.com/bid/11214
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/17453
🔗 http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html
🔗 http://secunia.com/advisories/12593
🔗 http://www.osvdb.org/10243

相关漏洞威胁

CVE-2004-034310.0

Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the...

CVE-2007-320810.0

CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via ...

CVE-2013-20579.8

YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability

CVE-2002-01177.5

Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute...