Vulnerability CVE-2007-3295


Published: 2007-06-20   Modified: 2012-02-12

Description:
Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variable in (1) HelpCentre.pl and (2) ICQPager.pl, (3) the use_lang variable in Subs.pl, and the actlang variable in (4) Post.pl and (5) InstantMessage.pl; as demonstrated by pointing userlanguage to the English folder, modifying English/HelpCentre.lng file to contain Perl statements, and then invoking the help action in YaBB.pl.

See advisories in our WLB2 database:
Risk: Med.
Topic: Local File Include Vulnerabilities in YaBB <= 2.1(all version)
Author: Maciej `krasza` ...
Date: 26.06.2007

Type: CWE-Other

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software: YABB -> YABB

 References:
http://securityreason.com/securityalert/2818
http://www.securityfocus.com/archive/1/471733/100/0/threaded
http://www.securityfocus.com/bid/24529
https://exchange.xforce.ibmcloud.com/vulnerabilities/34932

Copyright 2021, cxsecurity.com

 
