PT-2004-2879 · Yabb · Yabb 1 Gold Sp

Dmitry Shurupov · Published 2004-05-03 · Updated 2017-07-11 · CVE-2004-1982

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

YaBB 1 Gold SP version 1.2

Description

The issue allows remote attackers to modify records in the board's .txt file by injecting carriage return characters in the subject field. This is related to the Post.pl file in the affected software.

Recommendations

For YaBB 1 Gold SP version 1.2, avoid using carriage return characters in the subject field until a fix is available. As a temporary workaround, consider validating and sanitizing user input in the subject field to prevent injection of malicious characters.
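
An added example, not YaBB's code and not part of the original advisory: one way to apply the input validation recommended above, in Perl, before a subject is written to a line-oriented flat file. The `id|subject|author` layout, the `|` delimiter, the 100-character cap and the function names are assumptions for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed record layout (not YaBB's actual format): one record per line,
# fields separated by "|":  id|subject|author
my $DELIM = '|';

# Neutralise anything that could end the current record or field.
sub clean_field {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/[\r\n]+/ /g;             # CR/LF would start a new record
    $value =~ s/[\x00-\x1f\x7f]//g;      # drop remaining control characters
    $value =~ s/^\s+|\s+$//g;            # trim surrounding whitespace
    $value = substr($value, 0, 100);     # assumed length cap
    $value =~ s/\Q$DELIM\E/&#124;/g;     # a raw delimiter would shift fields
    return $value;
}

# Build one record; every field is cleaned, not only the subject.
sub format_record {
    my (@fields) = @_;
    return join($DELIM, map { clean_field($_) } @fields) . "\n";
}

# Constructed input: a subject with an embedded CR/LF and a delimiter.
my $subject = "Weekly update\r\nextra line|extra field";
my $record  = format_record(42, $subject, 'alice');

# Verify the invariant the flat file relies on: one line, three fields.
my @lines  = split /\n/, $record;
my @fields = split /\Q$DELIM\E/, $lines[0], -1;
die "record spans several lines\n" unless @lines == 1;
die "unexpected field count\n"     unless @fields == 3;

print $record;
```

The same one-line, fixed-field-count check can be run over an existing board file to find records that were split by earlier submissions.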


Related identifiers

CVE-2004-1982

Affected products

Yabb 1 Gold Sp