CVE-2007-3295

Name of the Vulnerable Software and Affected Versions Yet another Bulletin Board (YaBB) versions 2.1 and earlier

Description The issue allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting. This setting affects the language variable in files such as HelpCentre.pl and ICQPager.pl, the use lang variable in Subs.pl, and the actlang variable in Post.pl and InstantMessage.pl. An example of exploitation involves modifying the English/HelpCentre.lng file to contain Perl statements and then invoking the help action in YaBB.pl.

Recommendations For Yet another Bulletin Board (YaBB) versions 2.1 and earlier, as a temporary workaround, consider restricting access to the userlanguage profile setting to prevent unauthorized modifications. Additionally, avoid using the userlanguage key in the member hash until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.