PT-2004-2879 · Yabb · Yabb 1 Gold Sp

Dmitry Shurupov · Published 2004-05-03 · Updated 2017-07-11 · CVE-2004-1982

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

YaBB 1 Gold SP version 1.2

Description

The issue allows remote attackers to modify records in the board's .txt file by injecting carriage return characters in the subject field. This is related to the Post.pl file in the affected software.

Recommendations

For YaBB 1 Gold SP version 1.2, avoid using carriage return characters in the subject field until a fix is available. As a temporary workaround, consider validating and sanitizing user input in the subject field to prevent injection of malicious characters.
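
One way to apply the workaround above, as an added example that is not code from YaBB or from this advisory: a subject is stripped of record separators before it is written to a line-oriented file, and the writer refuses any record that still spans more than one line. The record layout (one record per line, fields joined with `|`), the 80-character limit, the sample values and all function names are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: neutralise record separators in a subject before it is
# written to a line-oriented, delimiter-separated board file.
# ASSUMPTION: one record per line, fields joined with "|". The layout and
# every name below are hypothetical, not taken from YaBB's Post.pl.
use strict;
use warnings;

my $MAX_SUBJECT = 80;    # assumed length limit

# Return a subject that cannot end a record or start a new field.
sub clean_subject {
    my ($subject) = @_;
    $subject = '' unless defined $subject;
    $subject =~ s/[\x00-\x1F\x7F]+/ /g;    # CR, LF, tab, other control bytes
    $subject =~ s/^\s+|\s+$//g;            # trim leading/trailing whitespace
    $subject = substr($subject, 0, $MAX_SUBJECT);
    $subject =~ s/\|/&#124;/g;             # field delimiter -> HTML entity
    return length($subject) ? $subject : '(no subject)';
}

# Build one record; refuse anything that would span more than one line.
sub build_record {
    my (@fields) = @_;
    my $line = join '|', @fields;
    die "record contains a line break\n" if $line =~ /[\r\n]/;
    return "$line\n";
}

# Count the lines (records) a string would add to the file.
sub record_count {
    my ($text) = @_;
    my $count = () = $text =~ /\n/g;
    return $count;
}

# Constructed input: a subject carrying a CR/LF pair and a delimiter.
my $raw = "Weekly update\r\nsecond line | extra";

my $unsafe = join('|', 1001, $raw, 'alice') . "\n";    # written as received
my $safe   = build_record(1001, clean_subject($raw), 'alice');

printf "unsanitised write: %d record(s)\n", record_count($unsafe);
printf "sanitised write:   %d record(s)\n", record_count($safe);
print $safe;
```

The check in `build_record` is deliberately redundant with `clean_subject`: it also catches line breaks arriving through any other field that was not sanitised.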

Exploit

Fix


Related Identifiers

CVE-2004-1982

Affected Products

Yabb 1 Gold Sp