CVE-2007-3208 Information

Feb 14, 2021 cve

Description

CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=538 http://osvdb.org/37236 http://osvdb.org/37237 http://secunia.com/advisories/25656 http://www.securityfocus.com/bid/24455 http://www.securitytracker.com/id?1018236 http://www.yabbforum.com/community/?board=general;action=display;num=1181678785 https://exchange.xforce.ibmcloud.com/vulnerabilities/34848

Share on: