YaBB Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 2305
Synopsis: The remote host is vulnerable to multiple attack vectors.
Description: The remote host is running a vulnerable version of YaBB. Versions up to and including 1 Gold SP 1.3.1 are reported to be prone to multiple security flaws, including administrator authentication bypass and cross-site scripting issues. By crafting a malformed URL, an attacker may issue administrator commands or steal cookie-based authentication credentials from an unsuspecting user.
Solution: Upgrade or patch according to vendor recommendations.