Yabb · Yabb Se · CVE-2004-2754
**Name of the Vulnerable Software and Affected Versions**
YaBB SE versions 1.5.3 through 1.5.4
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ID MEMBER` parameter to the (1) recentTopics and (2) welcome functions.
**Recommendations**
For versions 1.5.3 and 1.5.4, update to version 1.5.5 or later to resolve the issue.