YaBB SE <= 2.1 Multiple Script CRLF Injection Privilege Escalation

high Nessus Network Monitor Plugin ID 4097

Synopsis

The remote host is vulnerable to a flaw that allows authentication to be bypassed.

Description

The remote host is running the YaBB SE forum management system. There is a flaw in this version of YaBB SE that allows authenticated users to escalate privileges and gain administrative access. The 'Profile.pl' and 'Register.pl' scripts fail to sanitize CRLF sequences. An attacker can use this flaw to write data into their profile that gives them elevated access.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.yabbforum.com/community/?board=general;action=display;num=1181678785

Plugin Details

Severity: High

ID: 4097

Family: CGI

Published: 6/12/2007

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:yabb:yabb

Reference Information

CVE: CVE-2007-3208, CVE-2007-3295

BID: 27414, 24529, 24455