
YaBB SE <= 2.1 Multiple Script CRLF Injection Privilege Escalation



The remote host is vulnerable to a flaw that allows for the bypassing of authentication.


The remote host is running the YaBB SE forum management system. There is a flaw in this version of YaBB SE that allows authenticated users to escalate privileges and gain administrative access. The 'Profile.pl' and 'Register.pl' scripts fail to sanitize CRLF sequences. An attacker can use this flaw to write data into their profile that gives them elevated access.


Upgrade or patch according to vendor recommendations.
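
The input check this class of flaw calls for, as an added example that is not YaBB SE code or a vendor patch: a writer for a line-oriented profile record that rejects values containing line breaks, plus an audit check for records already stored. The field layout, function names and sample values are assumptions constructed for illustration and do not reflect YaBB SE's actual file format.

```python
import unicodedata

# Hypothetical one-value-per-line profile layout, constructed for this example.
FIELDS = ("display_name", "email", "signature", "group")

class InvalidField(ValueError):
    """Raised when a profile value would break the one-line-per-field layout."""

def serialize_unsafe(profile):
    # Flaw class from the description: values are written verbatim, so a
    # CR/LF inside any value adds lines the application never intended.
    return "".join(profile[name] + "\n" for name in FIELDS)

def breaks_line(value):
    # Cc covers CR, LF and other control characters (tab included); Zl/Zp are
    # the Unicode line and paragraph separators line-based readers may split on.
    return any(unicodedata.category(ch) in ("Cc", "Zl", "Zp") for ch in value)

def serialize_checked(profile):
    # Hardened writer: reject the whole update rather than silently rewriting it.
    for name in FIELDS:
        if breaks_line(profile[name]):
            raise InvalidField(name)
    return serialize_unsafe(profile)

def audit_record(blob):
    # Check for records already on disk: a well-formed record has exactly
    # one line per field.
    return len(blob.splitlines()) == len(FIELDS)

# Constructed sample input.
BENIGN = {"display_name": "alice", "email": "alice@example.test",
          "signature": "hello", "group": "member"}
TAMPERED = dict(BENIGN, signature="hello\r\nextra-line")

if __name__ == "__main__":
    print(audit_record(serialize_unsafe(BENIGN)))
    print(audit_record(serialize_unsafe(TAMPERED)))
    try:
        serialize_checked(TAMPERED)
    except InvalidField as exc:
        print("rejected field:", exc)
```

Running `audit_record` over existing profile records after patching helps identify accounts whose stored data no longer matches the expected layout.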