CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-3208

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1060%
EPSS Percentile22.69th
Published2007年6月14日
Last Modified2026年4月23日

Vulnerability Description

CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code.

Affected Platforms (CPE)

📦
Yabb

Yabb

= 2.1

References & Advisories

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=538
🔗 http://osvdb.org/37236
🔗 http://osvdb.org/37237
🔗 http://secunia.com/advisories/25656
🔗 http://www.securityfocus.com/bid/24455
🔗 http://www.securitytracker.com/id?1018236
🔗 http://www.yabbforum.com/community/?board=general%3Baction=display%3Bnum=1181678785
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/34848

相关漏洞威胁

CVE-2004-240310.0

Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as...

CVE-2004-034310.0

Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the...

CVE-2013-20579.8

YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability

CVE-2002-01177.5

Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute...