Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field.
https://exchange.xforce.ibmcloud.com/vulnerabilities/16050
http://www.yabbforum.com/community/YaBB.pl?board=general%3Baction=display%3Bnum=1093133233