CVE-2007-3208
N/A
N/A
Summary
CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securitytracker.com/id?1018236
- http://www.securityfocus.com/bid/24455
- http://www.yabbforum.com/community/?board=general%3Baction=display%3Bnum=1181678785
- http://osvdb.org/37237
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=538
- http://secunia.com/advisories/25656
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34848
- http://osvdb.org/37236
References
- http://www.securitytracker.com/id?1018236
- http://www.securityfocus.com/bid/24455
- http://www.yabbforum.com/community/?board=general%3Baction=display%3Bnum=1181678785
- http://osvdb.org/37237
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=538
- http://secunia.com/advisories/25656
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34848
- http://osvdb.org/37236
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.