Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

YaBB SE < 1.5.2 Remote File Inclusion and SQL Injection

Medium

Synopsis

The remote host is running the YaBB SE forum management system.

Description

The remote host is running the YaBB SE forum management system. There is a flaw in this version which may allow an attacker to execute arbitrary commands on this host and to inject arbitrary values in the remote SQL database.

Solution

Upgrade to YaBB SE 1.5.2 or higher.