icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

YaBB Multiple Vulnerabilities

Medium

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running a vulnerable version of YaBB. It is reported that versions up to and including 1 Gold SP 1.3.1 are prone to multiple security flaws including administrator authentication bypassing and cross-site scripting issues. By crafting a malformed URL, an attacker may issue administrator commands or steal cookie-based authentication credentials from an unsuspecting user.

Solution

Upgrade or patch according to vendor recommendations.