
YaBB SE <= 2.1 Multiple Script CRLF Injection Privilege Escalation

Severity: High

Synopsis

The remote host is vulnerable to a flaw that allows authentication to be bypassed.

Description

The remote host is running the YaBB SE forum management system. There is a flaw in this version of YaBB SE that allows authenticated users to escalate privileges and gain administrative access. The 'Profile.pl' and 'Register.pl' scripts fail to sanitize CRLF sequences. An attacker can use this flaw to write data into their profile that gives them elevated access.
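As an added illustration (not YaBB SE's own code; the one-field-per-line record layout below is a constructed assumption, not YaBB SE's actual profile format), this Perl snippet shows the kind of check the 'Profile.pl' and 'Register.pl' scripts are missing: reject or strip CR/LF before a user-supplied value is written into a line-delimited profile record, so that a single field can never spill into the lines that follow it.

```perl
#!/usr/bin/perl
# Added example, not YaBB SE code. Assumes a constructed record format in
# which profile fields are stored one per line; a CR or LF inside a field
# would therefore let one value occupy several lines of the record.
use strict;
use warnings;

# Constructed record layout: ordered list of fields, one per line.
my @FIELDS = qw(username email signature);

# True when the value contains neither a carriage return nor a line feed.
sub is_clean {
    my ($value) = @_;
    return $value !~ /[\r\n]/;
}

# Strip CR and LF so a value can never begin a new line in the record.
sub sanitize_field {
    my ($value) = @_;
    $value =~ s/[\r\n]//g;
    return $value;
}

# Build a record from a hash of fields, sanitizing every value first.
sub build_record {
    my (%profile) = @_;
    my @lines;
    for my $name (@FIELDS) {
        my $value = defined $profile{$name} ? $profile{$name} : '';
        push @lines, sanitize_field($value);
    }
    return join("\n", @lines) . "\n";
}

# Parse a record back into its lines; a correctly built record always
# yields exactly scalar(@FIELDS) lines.
sub parse_record {
    my ($record) = @_;
    my @lines = split /\n/, $record, -1;
    pop @lines if @lines && $lines[-1] eq '';
    return @lines;
}

# Demonstration with a constructed value that embeds a CRLF sequence.
my $unsafe = "hello\r\nextra_line";
print is_clean($unsafe) ? "clean\n" : "rejected: contains CR/LF\n";
my $record = build_record(username  => 'alice',
                          email     => 'alice@example.invalid',
                          signature => $unsafe);
my @parsed = parse_record($record);
printf "record has %d lines (expected %d)\n", scalar(@parsed), scalar(@FIELDS);
```

Rejecting the input outright (is_clean) is the stricter option; silently stripping (sanitize_field) keeps the record well-formed but changes what the user submitted, so the application should tell the user which happened.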

Solution

Upgrade or patch according to vendor recommendations.