icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

YaBB SE < 1.5.2 Remote File Inclusion and SQL Injection

Medium

Synopsis

The remote host is running the YaBB SE forum management system.

Description

The remote host is running the YaBB SE forum management system. There is a flaw in this version which may allow an attacker to execute arbitrary commands on this host and to inject arbitrary values in the remote SQL database.

Solution

Upgrade to YaBB SE 1.5.2 or higher.