CVE-2004-0291

Name of the Vulnerable Software and Affected Versions YaBB SE versions 1.5.4 through 1.5.5

Description The issue allows remote attackers to obtain hashed passwords. This is achieved through a SQL injection vulnerability in the post.php file, specifically via the quote parameter.

Recommendations For versions 1.5.4 and 1.5.5, as a temporary workaround, consider restricting access to the post.php file until a patch is available. Avoid using the quote parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.