YaBB SE <= 2.1 Multiple Script CRLF Injection Privilege Escalation

High Nessus Network Monitor Plugin ID 4097

Synopsis

The remote host is vulnerable to a flaw that allows authentication to be bypassed.

Description

The remote host is running the YaBB SE forum management system. There is a flaw in this version of YaBB SE that allows authenticated users to escalate privileges and gain administrative access. The 'Profile.pl' and 'Register.pl' scripts fail to sanitize CRLF sequences. An attacker can use this flaw to write data into their profile that gives them elevated access.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.yabbforum.com/community/?board=general;action=display;num=1181678785

Plugin Details

Severity: High

ID: 4097

Family: CGI

Published: 2007/06/12

Modified: 2018/07/11

Dependencies: 1442

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSSv3

Base Score: 7.3

Temporal Score: 7.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:yabb:yabb

Reference Information

CVE: CVE-2007-3208, CVE-2007-3295

BID: 27414, 24529, 24455