Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yabb | Yabb | 1.40 |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html (Exploit)
- http://secunia.com/advisories/12593 (Exploit, Vendor Advisory)
- http://www.osvdb.org/10243
- http://www.securityfocus.com/bid/11214 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17453
FAQ
What is CVE-2004-2403?
CVE-2004-2403 is a vulnerability with a CVSS score of 10.0 (HIGH). Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifi...
How severe is CVE-2004-2403?
CVE-2004-2403 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-2403?
Check the references section above for vendor advisories and patch information. Affected products include: Yabb Yabb.