Yabb · Yabb · CVE-2007-3295
**Name of the Vulnerable Software and Affected Versions**
Yet another Bulletin Board (YaBB) versions 2.1 and earlier
**Description**
The vulnerability allows remote authenticated users to execute arbitrary Perl code via a `..` (dot dot) sequence in the `userlanguage` profile setting. This setting feeds the `language` variable in files such as HelpCentre.pl and ICQPager.pl, the `use lang` variable in Subs.pl, and the `actlang` variable in Post.pl and InstantMessage.pl. An example of exploitation involves modifying the English/HelpCentre.lng file to contain Perl statements and then invoking the help action in YaBB.pl.
**Recommendations**
For Yet another Bulletin Board (YaBB) versions 2.1 and earlier, as a temporary workaround, restrict access to the `userlanguage` profile setting so that it cannot be changed to arbitrary values. Additionally, avoid using the `userlanguage` key in the member hash until a patch is available. At the time of writing, no newer version containing a fix for this vulnerability is known.
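As an added illustration of the input validation described in the Description and Recommendations above (example code written for this page, not YaBB's own), the following Perl resolves a member's `userlanguage` setting to a language-file path only if the value is a plain token naming an installed language pack; anything else, including a `..` sequence, falls back to the default. The Languages directory layout, the pack names and the `HelpCentre.lng` file name are assumptions, built in a temporary directory so the script runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Constructed stand-in for the YaBB Languages directory (assumption, not
# the real install layout): two installed packs, English and Deutsch.
my $langdir = tempdir(CLEANUP => 1);
mkdir File::Spec->catdir($langdir, $_) or die "mkdir: $!" for qw(English Deutsch);
my $default = 'English';

# List the language packs actually installed: plain sub-directory names only.
sub installed_languages {
    my ($dir) = @_;
    opendir(my $dh, $dir) or return ();
    my @packs = grep { !/^\./ && -d File::Spec->catdir($dir, $_) } readdir($dh);
    closedir($dh);
    return @packs;
}

# Accept the member's setting only if it is a short plain token (no '/',
# '\', '.' or NUL, so no traversal is possible) AND names an installed pack.
sub resolve_language {
    my ($requested, $dir, $fallback) = @_;
    return $fallback unless defined $requested && length $requested;
    return $fallback unless $requested =~ /\A[A-Za-z0-9_-]{1,32}\z/;
    my %ok = map { $_ => 1 } installed_languages($dir);
    return $ok{$requested} ? $requested : $fallback;
}

# Path of one .lng file inside the validated pack, never built from raw input.
sub language_file {
    my ($lang, $file, $dir) = @_;
    return File::Spec->catfile($dir, $lang, "$file.lng");
}

# Constructed inputs: an installed pack, the '..' value the advisory
# describes, a NUL-truncation attempt, and a pack that is not installed.
for my $setting ('Deutsch', '../../tmp/evil', "English\0x", 'Francais') {
    my $lang = resolve_language($setting, $langdir, $default);
    (my $shown = $setting) =~ s/\0/\\0/g;
    printf "%-18s -> %s\n", $shown, language_file($lang, 'HelpCentre', $langdir);
}
```

Only the first input resolves to its own pack; the other three all map to English/HelpCentre.lng, which is the behaviour the workaround in the Recommendations is meant to approximate.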