Vulnerability Description
CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yabb | Yabb | 2.1 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=538
- http://osvdb.org/37236
- http://osvdb.org/37237
- http://secunia.com/advisories/25656PatchVendor Advisory
- http://www.securityfocus.com/bid/24455Patch
- http://www.securitytracker.com/id?1018236
- http://www.yabbforum.com/community/?board=general%3Baction=display%3Bnum=1181678
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34848
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=538
- http://osvdb.org/37236
- http://osvdb.org/37237
- http://secunia.com/advisories/25656PatchVendor Advisory
- http://www.securityfocus.com/bid/24455Patch
- http://www.securitytracker.com/id?1018236
- http://www.yabbforum.com/community/?board=general%3Baction=display%3Bnum=1181678
FAQ
What is CVE-2007-3208?
CVE-2007-3208 is a vulnerability with a CVSS score of 10.0 (HIGH). CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequence...
How severe is CVE-2007-3208?
CVE-2007-3208 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3208?
Check the references section above for vendor advisories and patch information. Affected products include: Yabb Yabb.