oss-sec mailing list archives
CVE Request: YaBB 2.5.2 and earlier arbitrary code execution
From: John Lightsey <john () nixnuts net>
Date: Sat, 04 May 2013 17:22:36 -0500
Hi everyone, Yet another Bulletin Board (YaBB) 2.5.2 and earlier allow arbitrary code execution through a combination of file uploads with predictable locations and unsanitized use of the "guestlanguage" cookie in file paths. This problem is similar to CVE-2007-3295. References: http://www.yabbforum.com/community/YaBB.pl?num=1367511332 http://www.carsten-dalgaard.dk/cgi-bin/yabb2/YaBB.pl?num=1367511256 The vulnerability can be mitigated by setting the $enable_guestlanguage variable to 0 in the YaBB configuration or applying the patch provided in the links.
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE Request: YaBB 2.5.2 and earlier arbitrary code execution John Lightsey (May 04)
- Re: CVE Request: YaBB 2.5.2 and earlier arbitrary code execution Kurt Seifried (May 04)