CVE-2007-3208

Name of the Vulnerable Software and Affected Versions: Yet another Bulletin Board (YaBB) version 2.1

Description: The issue allows remote attackers to obtain administrative access by injecting CRLF sequences into a .vars file through requests to API endpoints such as "register.pl" or "profile.pl". This can be leveraged to execute arbitrary code.

Recommendations: For Yet another Bulletin Board (YaBB) version 2.1, consider restricting access to the "register.pl" and "profile.pl" API endpoints until a patch is available. As a temporary workaround, avoid using these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.