CVE-2004-0344 — MEDIUM (6.4)

Vulnerability Description

Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.

CVSS Score

6.4

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:P

Confidentiality

NONE

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Yabb	Yabb	1.5.5

References

http://marc.info/?l=bugtraq&m=107816202813083&w=2
http://www.securityfocus.com/bid/9774ExploitPatchVendor Advisory
http://marc.info/?l=bugtraq&m=107816202813083&w=2
http://www.securityfocus.com/bid/9774ExploitPatchVendor Advisory

FAQ

What is CVE-2004-0344?

CVE-2004-0344 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.

How severe is CVE-2004-0344?

CVE-2004-0344 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0344?

Check the references section above for vendor advisories and patch information. Affected products include: Yabb Yabb.