CVE-2004-0343

Name of the Vulnerable Software and Affected Versions YaBB SE versions 1.5.4 through 1.5.5b

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the msg parameter or the postid parameter in ModifyMessage.php.

Recommendations For versions 1.5.4 through 1.5.5b, consider restricting access to the ModifyMessage.php file until a patch is available. As a temporary workaround, avoid using the msg and postid parameters in the ModifyMessage.php file to minimize the risk of exploitation.