PT-2004-3296 · Yabb · Yabb

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-2403

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: YaBB version 1.3.2
Description: A cross-site request forgery (CSRF) issue allows remote attackers to perform unauthorized actions as the administrative user. The attack works by getting a logged-in administrator's browser to request YaBB.pl through a link or an IMG tag whose URL carries the desired action, id, and moda parameters; because the script acts on those parameters without checking that the request originated from the administrator, the action is carried out with the administrator's privileges.
Recommendations: For version 1.3.2, update to a version that includes a fix for this issue so that unauthorized actions can no longer be triggered this way. As a temporary workaround, consider restricting access to the YaBB.pl script to minimize the risk of exploitation.
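The fix for this class of issue is to stop trusting the action, id and moda parameters on their own and require proof that the request was built by the administrator's own session. The following Perl is an added example, not YaBB's code: it contrasts a handler that honours any GET request with one that requires POST plus a per-session, per-action HMAC token. The secret, session id and handler names are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example of CSRF protection for a Perl CGI forum; not YaBB's own code.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: in a real deployment this is random and loaded from a config
# file outside the web root, never hard-coded.
my $SERVER_SECRET = 'replace-with-a-long-random-secret';

# Derive a token bound to both the session and the action, so a token issued
# for one action cannot be replayed to trigger another.
sub csrf_token {
    my ($session_id, $action) = @_;
    return hmac_sha256_hex("$session_id:$action", $SERVER_SECRET);
}

# Constant-time string comparison so token bytes are not leaked via timing.
sub tokens_equal {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Before: the handler acts on whatever action/id/moda parameters arrive, so a
# GET request the administrator's browser was tricked into sending is honoured.
sub handle_admin_action_unprotected {
    my (%param) = @_;
    return "performed $param{action} on $param{id}";
}

# After: state-changing actions must be POSTed and carry a valid token that
# the server embedded in the form it rendered for this session.
sub handle_admin_action_protected {
    my ($session_id, $method, %param) = @_;
    return 'rejected: state change must use POST' unless $method eq 'POST';
    my $expected = csrf_token($session_id, $param{action} // '');
    return 'rejected: missing or invalid CSRF token'
        unless tokens_equal($param{csrf_token}, $expected);
    return "performed $param{action} on $param{id}";
}

# Constructed sample requests (not real traffic).
my $sid = 'sess-1234';
print handle_admin_action_unprotected(action => 'delete', id => '42', moda => 'x'), "\n";
print handle_admin_action_protected($sid, 'GET',  action => 'delete', id => '42'), "\n";
print handle_admin_action_protected($sid, 'POST', action => 'delete', id => '42',
    csrf_token => 'wrong'), "\n";
print handle_admin_action_protected($sid, 'POST', action => 'delete', id => '42',
    csrf_token => csrf_token($sid, 'delete')), "\n";
```

The token must be emitted by the server into the administrative form (as a hidden field) and never be derivable from anything an attacker can place in an IMG or link URL; rejecting GET for state changes closes the IMG-tag vector on its own, and the HMAC check closes the remaining cross-site POST case.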

Related Identifiers

CVE-2004-2403

Affected Products

Yabb