PT-2004-1498 · Yabb · Yabb Se
Published 2004-03-18 · Updated 2016-10-18 · CVE-2004-0344
CVSS v2.0: 6.4 (Medium), vector AV:N/AC:L/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
YaBB SE versions 1.5.4 through 1.5.5b
Description
The issue allows remote attackers to delete arbitrary files due to a directory traversal vulnerability. This is achieved by using a .. (dot dot) in the attachOld parameter.
Recommendations
For YaBB SE versions 1.5.4 through 1.5.5b, consider restricting access to the ModifyMessage.php file until a patch is available. As a temporary workaround, avoid using the attachOld parameter in the affected API endpoint until the issue is resolved.
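A containment check of the kind that stops a dot-dot value in a file-name parameter from reaching a delete call, shown as an added example; it is not YaBB SE code and not the vendor's patch. The function name resolve_attachment, the directory layout and the file names are assumptions constructed for the demo.

```php
<?php
// Added example, not YaBB SE code: resolve an attachment name to a path only
// if it is a plain file directly inside the attachments directory.
function resolve_attachment(string $baseDir, string $name): ?string
{
    // An attachment name is a single file name, never a path.
    if ($name === '' || strpos($name, "\0") !== false
        || strpos($name, '/') !== false || strpos($name, '\\') !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves ".." and symlinks and returns false for missing files.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Demo on a constructed temporary directory (all names are made up).
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'attach_demo_' . getmypid();
mkdir($root . DIRECTORY_SEPARATOR . 'attachments', 0700, true);
$attachDir = $root . DIRECTORY_SEPARATOR . 'attachments';
file_put_contents($attachDir . DIRECTORY_SEPARATOR . 'report.txt', 'attachment');
file_put_contents($root . DIRECTORY_SEPARATOR . 'config.php', 'outside');

foreach (['report.txt', '../config.php', '..', 'missing.txt'] as $candidate) {
    $path = resolve_attachment($attachDir, $candidate);
    if ($path !== null) {
        unlink($path); // only reached for a file inside attachments/
    }
    printf("%-16s %s\n", $candidate, $path !== null ? 'deleted' : 'rejected');
}

// Clean up the demo directory.
unlink($root . DIRECTORY_SEPARATOR . 'config.php');
rmdir($attachDir);
rmdir($root);
```

The check is applied to the canonical path rather than the raw string, so a symlink placed inside the attachments directory that points elsewhere is rejected as well.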
Related Identifiers
Affected Products
Yabb Se